[jira] [Commented] (RANGER-4036) Hive Policy is not hounered for Drop non-existing database and non-existing table via unauthorized user

Wed, 16 Aug 2023 06:20:06 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-4036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17755054#comment-17755054
 ] 

Velmurugan Periasamy commented on RANGER-4036:
----------------------------------------------

CC [~rmani] / [~mehul]

>  Hive Policy is not hounered for Drop non-existing database and non-existing 
> table via unauthorized user
> --------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4036
>                 URL: https://issues.apache.org/jira/browse/RANGER-4036
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.3.0
>            Reporter: Anupam Rai
>            Priority: Major
>
> Behaviour of Drop non-existing database and non-existing table for 
> unauthorized user is not  proper. 
> Steps to reproduce :
> 1. Create a policy for User1 having only select acess of database : test1 , 
> Table : testtable2, Column : *
> 2. Run below command on non-existing database
> {code:java}
> DROP DATABASE IF EXISTS xyzwer; {code}
> 3. Result 
> {code:java}
> INFO  : Compiling command(queryId=hive_*******): DROP DATABASE IF EXISTS 
> xyzwer
> DEBUG : Encoding valid txns info 167872:********::167871 txnid:167872
> INFO  : Semantic Analysis Completed (retrial = false)
> INFO  : Created Hive schema: Schema(fieldSchemas:null, properties:null)
> INFO  : Completed compiling command(queryId=***-9890-4f78-8d7d-9c75fb7c636d); 
> Time taken: 0.16 seconds
> INFO  : Executing 
> command(queryId=hive_20230105061438_e176728f-9890-4f78-8d7d-9c75fb7c636d): 
> DROP DATABASE IF EXISTS xyzwer
> INFO  : Completed executing command(queryId=***-9890-****); Time taken: 0.009 
> seconds
> INFO  : OK
> DEBUG : Shutting down query DROP DATABASE IF EXISTS xyzwer
> No rows affected (0.247 seconds)
> 0: jdbc:hive2://quasar-******-1.****{code}
> 4. Run below command for non-existing table 
> {code:java}
> DROP TABLE IF EXISTS cccc.dddd {code}
> 5. Result 
> {code:java}
> INFO  : Semantic Analysis Completed (retrial = false)
> INFO  : Created Hive schema: Schema(fieldSchemas:null, properties:null)
> INFO  : Completed compiling 
> command(queryId=****-aeed-4e60-83a1-2cc3d875c164); Time taken: 0.939 seconds
> INFO  : Executing command(queryId=***-aeed-4e60-83a1-2cc3d875c164): DROP 
> TABLE IF EXISTS cccc.dddd
> INFO  : Starting task [Stage-0:DDL] in serial mode
> DEBUG : Task getting executed using mapred tag : 
> hive_20230105064408_d4b3da87-aeed-4e60-83a1-2cc3d875c164,userid=***
> INFO  : Completed executing command(queryId=hive_****); Time taken: 0.049 
> seconds
> INFO  : OK
> DEBUG : Shutting down query DROP  {code}
> Actual : Result shows non-existing Table & database commands are getting 
> executed for unauthorised user 
> Expected : Like behaviour in should be like result : 
> {code:java}
> 0: jdbc:hive://****l> DROP DATABASE IF EXISTS xyzwer;
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [user] does not have [DROP] privilege on [xyzwer] 
> (state=42000,code=40000) {code}
> Thanks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to