Re: Securing Hive inserts

Fri, 15 Apr 2016 08:10:34 -0700 

Yup, here it is: https://issues.apache.org/jira/browse/RANGER-930

Colm.

On Fri, Apr 15, 2016 at 3:35 PM, Selvamohan Neethiraj <sneet...@apache.org>
wrote:

> Thanks Colm. I also verified that the issue exists.  This may be a due to
> the way Hive is handling access verification for temporary tables.
> I will some more digging to find the right solution for this … In the
> meanwhile, can you please open a RANGER bug to identify/fix this issue?
>
> Thanks,
> Selva-
>
> From: Colm O hEigeartaigh <cohei...@apache.org>
> Reply-To: "user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>, "cohei...@apache.org" <
> cohei...@apache.org>
> Date: Friday, April 15, 2016 at 9:59 AM
> To: Balaji Ganesan <bgane...@apache.org>
> Cc: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
> Subject: Re: Securing Hive inserts
>
> Hi Balaji,
>
> I have a trivial table containing the output of the canonical "WordCount"
> program on a text file. The table just contains two columns, one containing
> the word and the other the count. The following query fails with the error
> message above:
>
> insert into words (word, count) values ('xyz', 5);
>
> To get it to work, I have to edit the Ranger policy for "*" for the
> "Table" part. At a guess, the HIVE insertion process ends up creating a
> temporary table and I don't have permission to call "select" on this table,
> as the policy strictly limits to the "words" table?
>
> Colm.
>
> On Thu, Apr 14, 2016 at 5:02 PM, Balaji Ganesan <bgane...@apache.org>
> wrote:
>
>> Can you provide the full query you are running? What is this table "
>> values__tmp__table__3" ?
>>
>> On Thu, Apr 14, 2016 at 4:09 PM, Colm O hEigeartaigh <cohei...@apache.org
>> > wrote:
>>
>>> Hi all,
>>>
>>> I have a policy that grants permissions Select + Update to all columns
>>> in a table called "words" in a given database. However, I can't insert into
>>> this table - I get an error:
>>>
>>> H110 Unable to submit statement. Error while compiling statement:
>>> FAILED: HiveAccessControlException Permission denied: user [colm] does not
>>> have [SELECT] privilege on
>>> [default/values__tmp__table__3/tmp_values_col1,tmp_values_col2]
>>> [ERROR_STATUS]
>>>
>>> Only when I change the table in the policy to "*" does it work. Is there
>>> any way around this? I'm using HDP 2.3.2 btw.
>>>
>>> Thanks,
>>>
>>> Colm.
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to