Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-21320

get_fields() and get_tables_by_type() are not protected by HMS server access control

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0
    • Fix Version/s: 4.0.0
    • Component/s: None
    • Labels:
      None

      Description

      User without any privilege can call these functions and get all meta data back as if user has full access privilege.

        Attachments

        1. HIVE-21320.001.patch
          13 kB
          Na Li
        2. HIVE-21320.005.patch
          26 kB
          Na Li
        3. HIVE-21320.005.patch
          26 kB
          Na Li
        4. HIVE-21320.006.patch
          12 kB
          Na Li
        5. HIVE-21320.007.patch
          12 kB
          Na Li
        6. HIVE-21320.008.patch
          12 kB
          Na Li
        7. HIVE-21320.008.patch
          12 kB
          Na Li
        8. HIVE-21320.009.patch
          12 kB
          Na Li
        9. HIVE-21320.010.patch
          12 kB
          Na Li

          Activity

            People

            • Assignee:
              linaataustin Na Li
              Reporter:
              linaataustin Na Li
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: