Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Not A Bug
-
None
-
None
-
None
Description
STEPS TO REPRODUCE:
Create db dbfortest
Create table tablefortest under dbfortest (create table dbfortest.tablefortest(id int, name1 string, name2 string))
Insert rows into dbfortest.tablefortest
User u1 has select access on tablefortest via ranger policy[db=dbfortest, table=tablefortest, column=*] - policy P1
User u1 has create and alter permissions via ranger policy [db=dbfortest, table=viewfortest, column=*] - policy P2
Connect to beeline as user u1 and execute command 'create view dbfortest.viewfortest as select id,name1 from dbfortest.tablefortest'
View creation is successful, Ranger access audits show that policy P1 granted select on tablefortest and policy P2 granted create on viewfortest
Execute command 'alter view dbfortest.viewfortest as select id,name2 from dbfortest.tablefortest'.
CURRENT BEHAVIOUR:
Alter view command fails with access denied error for user not having select permissions on database dbfortest
Attachments
Issue Links
- relates to
-
RANGER-4001 Wrong permission check for Hive "Alter View as" command in Ranger HiveAuthorizer
- Open