Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-4713

Alter view needs additional select permission on db which is not required for create view

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Not A Bug
    • None
    • None
    • Ranger
    • None

    Description

      STEPS TO REPRODUCE:
      Create db dbfortest
      Create table tablefortest under dbfortest (create table dbfortest.tablefortest(id int, name1 string, name2 string))
      Insert rows into dbfortest.tablefortest
      User u1 has select access on tablefortest via ranger policy[db=dbfortest, table=tablefortest, column=*] - policy P1
      User u1 has create and alter permissions via ranger policy [db=dbfortest, table=viewfortest, column=*] - policy P2
      Connect to beeline as user u1 and execute command 'create view dbfortest.viewfortest as select id,name1 from dbfortest.tablefortest'
      View creation is successful, Ranger access audits show that policy P1 granted select on tablefortest and policy P2 granted create on viewfortest
      Execute command 'alter view dbfortest.viewfortest as select id,name2 from dbfortest.tablefortest'.

      CURRENT BEHAVIOUR:
      Alter view command fails with access denied error for user not having select permissions on database dbfortest

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. RANGER-4001 Wrong permission check for Hive "Alter View as" command in Ranger HiveAuthorizer

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            People

              maheshbandal Mahesh Hanumant Bandal
              suja suja s
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: