Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.1.2
-
None
-
None
Description
hive query with column masking failed with ParseException
Table DDL
CREATE TABLE `emp`( `id` string, `name#` string);
The following query failed
select `emp`.`id`, `emp`.`name#` from (SELECT `id`, CAST(mask_show_first_n(name#, 4, 'x', 'x', 'x', -1, '1') AS string) AS `name#`, BLOCK__OFFSET__INSIDE__FILE, INPUT__FILE__NAME, ROW__ID FROM `default`.`emp` )`emp`;
Error: Error while compiling statement: FAILED: ParseException line 1:79 character '#' not supported here (state=42000,code=40000)
quoting manually helped
select `emp`.`id`, `emp`.`name#` from (SELECT `id`, CAST(mask_show_first_n(`name#`, 4, 'x', 'x', 'x', -1, '1') AS string) AS `name#`, BLOCK__OFFSET__INSIDE__FILE, INPUT__FILE__NAME, ROW__ID FROM `default`.`emp` )`emp`;
manual query change will not work for Ranger authorizer as following query
select * from emp;
will be rewritten to
select `emp`.`id`, `emp`.`name#` from (SELECT `id`, CAST(mask_show_first_n(name#, 4, 'x', 'x', 'x', -1, '1') AS string) AS `name#`, BLOCK__OFFSET__INSIDE__FILE, INPUT__FILE__NAME, ROW__ID FROM `default`.`emp` )`emp`;
Ranger apply the transformer for column here so we should consider the enclosing the column names in the back-ticks to make it work
I have opened https://issues.apache.org/jira/browse/RANGER-3009 for Ranger but checking we hive can pass the column name enclosed in back-ticks while passing the priv-object to ranger