[ https://issues.apache.org/jira/browse/RANGER-4036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17755054#comment-17755054 ]
Velmurugan Periasamy commented on RANGER-4036: ---------------------------------------------- CC [~rmani] / [~mehul] > Hive Policy is not hounered for Drop non-existing database and non-existing > table via unauthorized user > -------------------------------------------------------------------------------------------------------- > > Key: RANGER-4036 > URL: https://issues.apache.org/jira/browse/RANGER-4036 > Project: Ranger > Issue Type: Bug > Components: Ranger > Affects Versions: 2.3.0 > Reporter: Anupam Rai > Priority: Major > > Behaviour of Drop non-existing database and non-existing table for > unauthorized user is not proper. > Steps to reproduce : > 1. Create a policy for User1 having only select acess of database : test1 , > Table : testtable2, Column : * > 2. Run below command on non-existing database > {code:java} > DROP DATABASE IF EXISTS xyzwer; {code} > 3. Result > {code:java} > INFO : Compiling command(queryId=hive_*******): DROP DATABASE IF EXISTS > xyzwer > DEBUG : Encoding valid txns info 167872:********::167871 txnid:167872 > INFO : Semantic Analysis Completed (retrial = false) > INFO : Created Hive schema: Schema(fieldSchemas:null, properties:null) > INFO : Completed compiling command(queryId=***-9890-4f78-8d7d-9c75fb7c636d); > Time taken: 0.16 seconds > INFO : Executing > command(queryId=hive_20230105061438_e176728f-9890-4f78-8d7d-9c75fb7c636d): > DROP DATABASE IF EXISTS xyzwer > INFO : Completed executing command(queryId=***-9890-****); Time taken: 0.009 > seconds > INFO : OK > DEBUG : Shutting down query DROP DATABASE IF EXISTS xyzwer > No rows affected (0.247 seconds) > 0: jdbc:hive2://quasar-******-1.****{code} > 4. Run below command for non-existing table > {code:java} > DROP TABLE IF EXISTS cccc.dddd {code} > 5. Result > {code:java} > INFO : Semantic Analysis Completed (retrial = false) > INFO : Created Hive schema: Schema(fieldSchemas:null, properties:null) > INFO : Completed compiling > command(queryId=****-aeed-4e60-83a1-2cc3d875c164); Time taken: 0.939 seconds > INFO : Executing command(queryId=***-aeed-4e60-83a1-2cc3d875c164): DROP > TABLE IF EXISTS cccc.dddd > INFO : Starting task [Stage-0:DDL] in serial mode > DEBUG : Task getting executed using mapred tag : > hive_20230105064408_d4b3da87-aeed-4e60-83a1-2cc3d875c164,userid=*** > INFO : Completed executing command(queryId=hive_****); Time taken: 0.049 > seconds > INFO : OK > DEBUG : Shutting down query DROP {code} > Actual : Result shows non-existing Table & database commands are getting > executed for unauthorised user > Expected : Like behaviour in should be like result : > {code:java} > 0: jdbc:hive://****l> DROP DATABASE IF EXISTS xyzwer; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [user] does not have [DROP] privilege on [xyzwer] > (state=42000,code=40000) {code} > Thanks -- This message was sent by Atlassian Jira (v8.20.10#820010)