Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-620

Ability to use database when connecting to it via HiveServer2 without policy authorizing it

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.4.0
    • Fix Version/s: 0.5.0
    • Component/s: admin
    • Environment:
      HiveServer2 on Ambari with Ranger plugin enabled
    • Flags:
      Important

      Description

      When doing with beeline
      !connect jdbc:hive2://192.168.6.210:10000/db1;principal=hive/hivehost@REALM org.apache.hive.jdbc.HiveDriver

      I can connect to db1, and even make a show tables without having any authorizing policy for these actions.

      And I am sure I have no right to connect and see these tables, because when doing
      !connect jdbc:hive2://192.168.6.210:10000/;principal=hive/hivehost@REALM org.apache.hive.jdbc.HiveDriver
      I can't make a use db1 without the error :
      Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [testuser] does not have [USE] privilege on [db1] (state=42000,code=40000)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              bartimeux Loïc C. Chanel
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: