Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-4994

Alter MV rebuild should fail for unauthorized user irrespective of MV state

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • plugins, Ranger
    • None

    Description

      Attaching the steps to reproduce issue as attachments.

      NOTE: MV is created via hive user and rebuilding it via other user (raghav user).

      When Materialized View (MV) is outdated and unauthorized user triggers the ALTER query to rebuild it, it is failing as it also requries access to base tables. 

      Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [raghav] does not have [ALTER] privilege on [raghav/emps/deptno,empid,hire_date]

       

      But when MV is not outdated, then running alter query will not do anything i.e it will not use any base table and the query passes and doesn't throw any auth exception. But ideally it should throw exception

      But running a SELECT on same MV from unauthorized user fails throwing error (expected behaviour):

      Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied [raghav] does not have [SELECT] privilege on [raghav/mv_recently_hired/*] 

       

      My understanding is that the behaviour should remain same irrespective of the state of the MV for ALTER query. Thoughts on this?

       

      Attachments

        1. no_error_case.sql
          1 kB
          Raghav Aggarwal
        2. expected_case.sql
          1 kB
          Raghav Aggarwal

        Activity

          People

            Unassigned Unassigned
            Aggarwal_Raghav Raghav Aggarwal
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: