Hi All,
After installing ranger 0.7.1 with hive 2.1.1, I see that most permissions
are working as expected except for UDFs.
I have 3 policies in place for myuser:
1. URI *
2. DB */Table *
3. DB */UDF *
All 3 with delegate admin.
However, the following query(in any db):
CREATE TEMPORARY FUNCTION `someudf` AS 'com.myapp.MyUDF';
Results in the following error stack race seen in hive-server2.log :
ERROR [HiveServer2-Handler-Pool: Thread-40] ql.Driver: FAILED:
HiveAccessControlException Permission denied: user [myuser] does not have
[CREATE] privilege on [someudf]
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException:
Permission denied: user [myuser] does not have [CREATE] privilege on
[someudf]
at org.apache.ranger.authorization.hive.authorizer.
RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:417)
at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(
Driver.java:910)
at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:697)
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:515)
at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.
java:1242)
at org.apache.hadoop.hive.ql.Driver.compileAndRespond(
Driver.java:1229)
at org.apache.hive.service.cli.operation.SQLOperation.
prepare(SQLOperation.java:191)
at org.apache.hive.service.cli.operation.SQLOperation.
runInternal(SQLOperation.java:276)
at org.apache.hive.service.cli.operation.Operation.run(
Operation.java:324)
at org.apache.hive.service.cli.session.HiveSessionImpl.
executeStatementInternal(HiveSessionImpl.java:499)
at org.apache.hive.service.cli.session.HiveSessionImpl.
executeStatementAsync(HiveSessionImpl.java:486)
...
Please let me know about any solutions or workaround.
All help is much appreciated.
Regards,
Shashank
