suja s created RANGER-4708:
------------------------------
Summary: Grant/revoke commands honoured by Ranger policy
Key: RANGER-4708
URL: https://issues.apache.org/jira/browse/RANGER-4708
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: suja s
STEPS TO REPRODUCE:
Create table t1 in hive
As user u1, perform invoke grant/revoke commands via hive beeline for table t1
Inspect access audit logs corresponding to grant/revoke operations
User u1 can have admin or USER role on ranger side.
CURRENT BEHAVIOUR:
Logs show that the grant or revoke operation is allowed by default ranger-hive
policy 'default database tables columns' (public group has create permissions
on resource=[default/*/*])
EXPECTED BEHAVIOUR:
Grant/Revoke operations are admin operations and should be performed by a user
having admin role on ranger side. The permissions shouldnot not be granted via
ranger policy
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
