Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-25532

Missing authorization info for KILL QUERY command

    XMLWordPrintableJSON

Details

    Description

      We added authorization for Kill Query command some time back with the help of Ranger. Below is the ticket https://issues.apache.org/jira/browse/RANGER-1851

      However, we have observed that this hasn't been working as expected. The Ranger service expects Hive to send in a privilege object of the type SERVICE_NAME but we can see below
      https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/server/KillQueryImpl.java#L131 that it is sending an empty array list. 
      The Ranger service never throws an exception to this and this results in any user being able to kill any query even though they don't have necessary permissions.

      Attachments

        Issue Links

          Activity

            People

              achennagiri Abhay
              achennagiri Abhay
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 10m
                  1h 10m