Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
Description
We added authorization for Kill Query command some time back with the help of Ranger. Below is the ticket https://issues.apache.org/jira/browse/RANGER-1851
However, we have observed that this hasn't been working as expected. The Ranger service expects Hive to send in a privilege object of the type SERVICE_NAME but we can see below
https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/server/KillQueryImpl.java#L131 that it is sending an empty array list.
The Ranger service never throws an exception to this and this results in any user being able to kill any query even though they don't have necessary permissions.
Attachments
Issue Links
- relates to
-
RANGER-1851 Enhance Ranger Hive Plugin to support authorization for KILL QUERY command
- Resolved
- links to