Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all columns
Currently the message is misleading because it gives HiveAccessControlException Permission denied: user [user1] does not have [SELECT] privilege on [database/table] .
It doesn't provide which column it doesn't have SELECT permission.
It should have SELECT permission on all columns (*) by default to DESCRIBE as Hive doesn't provide ranger the necessary hooks to filter out the columns which user doesn't have access to. Until hive provides this, the policy in ranger should have SELECT on "*" for columns on a table in order for describer to succeed.