Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-1477

'show databases' fails with access-denied when user doesn't have access to some of the databases

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.7.0, 1.0.0
    • 1.0.0, 0.7.1
    • Ranger
    • None

    Description

      Consider the following scenario:
      2 database in Hive: db1, db2
      2 tables, one in each database: db1.tbl1, db2.tbl2
      Ranger: add a resource based policy to allow all access to public on db=; tbl=; col=*
      Execute ‘show databases;’ via beeline; it lists both db1 and db2
      Atlas: add EXPIRES_ON tag to db2.tbl2 with expiry_date 2016/12/31
      Ranger: add a tag-based policy to deny all access to public on for EXPIRES_ON tag with access-after-expiry=true
      Execute ‘show databases’ via beeline; the user should see ‘db1’. Instead following error is shown:

      Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [admin] does not have [USE] privilege on [null] (state=42000,code=40000)

      Attachments

        Activity

          People

            abhayk Abhay Kulkarni
            abhayk Abhay Kulkarni
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: