Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-1477

'show databases' fails with access-denied when user doesn't have access to some of the databases

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.7.0, 1.0.0
    • Fix Version/s: 1.0.0, 0.7.1
    • Component/s: Ranger
    • Labels:
      None

      Description

      Consider the following scenario:
      2 database in Hive: db1, db2
      2 tables, one in each database: db1.tbl1, db2.tbl2
      Ranger: add a resource based policy to allow all access to public on db=; tbl=; col=*
      Execute ‘show databases;’ via beeline; it lists both db1 and db2
      Atlas: add EXPIRES_ON tag to db2.tbl2 with expiry_date 2016/12/31
      Ranger: add a tag-based policy to deny all access to public on for EXPIRES_ON tag with access-after-expiry=true
      Execute ‘show databases’ via beeline; the user should see ‘db1’. Instead following error is shown:

      Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [admin] does not have [USE] privilege on [null] (state=42000,code=40000)

        Attachments

          Activity

            People

            • Assignee:
              abhayk Abhay Kulkarni
              Reporter:
              abhayk Abhay Kulkarni
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: