Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
Test Case:
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
create database table_db; create database view_db_outer; create database view_db_inner; create database view_db_inner_inner;
create table table_db.test_tbl(col1 string); create view view_db_outer.outer_view1 as select col1 from table_db.test_tbl; create view view_db_outer.outer_view2 as select col1 from table_db.test_tbl; create view view_db_inner.inner_view as with wct as (select ov1.col1 from view_db_outer.outer_view1 ov1 union all select ov2.col1 from view_db_outer.outer_view2 ov2) select * from wct; create view view_db_inner_inner.inner_inner_view as select * from view_db_inner.inner_view;
Enable authorization
set hive.security.authorization.enabled=true;
Grant permissions to the final view
grant select on table view_db_inner_inner.inner_inner_view to user hive_test_user;
select * from view_db_inner_inner.inner_inner_view; --Fails with exception unauthorized
ql.Driver: Authorization failed:No privilege 'Select' found for inputs { database:view_db_outer, table:outer_view1, columnName:col1}. Use SHOW GRANT to get more details.