[RANGER-1477] 'show databases' fails with access-denied when user doesn't have access to some of the databases - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.7.0, 1.0.0
Fix Version/s: 1.0.0, 0.7.1
Component/s: Ranger
Labels:
None

Description

Consider the following scenario:
2 database in Hive: db1, db2
2 tables, one in each database: db1.tbl1, db2.tbl2
Ranger: add a resource based policy to allow all access to public on db=; tbl=; col=*
Execute ‘show databases;’ via beeline; it lists both db1 and db2
Atlas: add EXPIRES_ON tag to db2.tbl2 with expiry_date 2016/12/31
Ranger: add a tag-based policy to deny all access to public on for EXPIRES_ON tag with access-after-expiry=true
Execute ‘show databases’ via beeline; the user should see ‘db1’. Instead following error is shown:

Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [admin] does not have [USE] privilege on [null] (state=42000,code=40000)

Attachments

Activity

People

Assignee:: Abhay Kulkarni

Reporter:: Abhay Kulkarni

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 27/Mar/17 22:08

Updated:: 27/Mar/17 23:42

Resolved:: 27/Mar/17 23:42