Hi Madhan,
I have verified the same without where clause also and getting the same behavior. I filed a JIRA for this @ https://issues.apache.org/jira/browse/RANGER-547 ------- Thanks & Regards, Hanish Bansal ________________________________ From: Madhan Neethiraj <[email protected]> on behalf of Madhan Neethiraj <[email protected]> Sent: Thursday, June 11, 2015 1:04 PM To: [email protected] Subject: Re: Hive Update privilege behavior Hanish, I think this might be due to "where id=124" in the query - which would require select permission for column "id". Can you try without using a where clause? Thanks, Madhan From: Don Bosco Durai <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Wednesday, June 10, 2015 at 11:44 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: Hive Update privilege behavior Interesting observation. Madhan, do we need to add implied permission for update? Hanish, if you don't mind, can you create a JIRA for this? We can try to resolve this in the next release. Thanks Bosco From: Hanish Bansal <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Wednesday, June 10, 2015 at 11:19 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Hive Update privilege behavior Hi All, I am using Ranger (version-0.4.0) hive authorization. I am facing an issue: For update privileges to a user I have to give Select AND Update both privilege. Otherwise update privileges don't work. Steps I followed: 1. Create a table "test?" in hive. 2. Give privilege of only update to a user, e.g. john. 3. Make connection in hive with the same user. Run update query on "test" table - "Update test? SET first_name='pr' where id=124;" Expected- It should update the table Actual- Getting exception- "FAILED: HiveAccessControlException Permission denied: user [john] does not have [SELECT] privilege on [default/test/id] (state=42000,code=40000) " Once providing both privileges 'select' and 'update' to user "john" then it's working fine. Please let me know the expected behavior. ------- Thanks & Regards, Hanish Bansal ________________________________ NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference. ________________________________ NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.
