suja s created RANGER-4708: ------------------------------ Summary: Grant/revoke commands honoured by Ranger policy Key: RANGER-4708 URL: https://issues.apache.org/jira/browse/RANGER-4708 Project: Ranger Issue Type: Bug Components: Ranger Reporter: suja s
STEPS TO REPRODUCE: Create table t1 in hive As user u1, perform invoke grant/revoke commands via hive beeline for table t1 Inspect access audit logs corresponding to grant/revoke operations User u1 can have admin or USER role on ranger side. CURRENT BEHAVIOUR: Logs show that the grant or revoke operation is allowed by default ranger-hive policy 'default database tables columns' (public group has create permissions on resource=[default/*/*]) EXPECTED BEHAVIOUR: Grant/Revoke operations are admin operations and should be performed by a user having admin role on ranger side. The permissions shouldnot not be granted via ranger policy -- This message was sent by Atlassian Jira (v8.20.10#820010)