Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.7.1, 0.8.0, 0.9.0, 0.10.0
-
None
-
None
-
Incompatible change
-
Fix bug drop any table even without privilege
Description
You can drop any table if you use fully qualified name 'database.table' even you don't have any previlige.
hive> set hive.security.authorization.enabled=true; hive> revoke all on default from user test_user; hive> drop table abc; hive> drop table abc; Authorization failed:No privilege 'Drop' found for outputs { database:default, table:abc}. Use show grant to get more details. hive> drop table default.abc; OK Time taken: 0.13 seconds
The table and the file in /usr/hive/warehouse or external file will be deleted. If you don't have hadoop access permission on /usr/hive/warehouse or external files, you will see a hadoop access error
12/02/23 15:35:35 ERROR hive.log: org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException: Permission denied: user=test_user, access=WRITE, inode="/user/myetl":myetl:etl:drwxr-xr-x
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)