[RANGER-1297] Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all columns - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.7.0
Component/s: None
Labels:
None

Description

Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all columns
Currently the message is misleading because it gives HiveAccessControlException Permission denied: user [user1] does not have [SELECT] privilege on [database/table] .
It doesn't provide which column it doesn't have SELECT permission.

It should have SELECT permission on all columns (*) by default to DESCRIBE as Hive doesn't provide ranger the necessary hooks to filter out the columns which user doesn't have access to. Until hive provides this, the policy in ranger should have SELECT on "*" for columns on a table in order for describer to succeed.

Attachments

Activity

People

Assignee:: Ramesh Mani

Reporter:: Ramesh Mani

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Jan/17 00:58

Updated:: 19/Mar/17 21:09

Resolved:: 09/Jan/17 21:36