[RANGER-620] Ability to use database when connecting to it via HiveServer2 without policy authorizing it - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.4.0
Fix Version/s: 0.5.0
Component/s: admin
Labels:
- hiveserver
- security
Environment:
HiveServer2 on Ambari with Ranger plugin enabled

Flags:

Important

Description

When doing with beeline
!connect jdbc:hive2://192.168.6.210:10000/db1;principal=hive/hivehost@REALM org.apache.hive.jdbc.HiveDriver

I can connect to db1, and even make a show tables without having any authorizing policy for these actions.

And I am sure I have no right to connect and see these tables, because when doing
!connect jdbc:hive2://192.168.6.210:10000/;principal=hive/hivehost@REALM org.apache.hive.jdbc.HiveDriver
I can't make a use db1 without the error :
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [testuser] does not have [USE] privilege on [db1] (state=42000,code=40000)

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Loïc C. Chanel

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Aug/15 09:05

Updated:: 21/Aug/15 07:24

Resolved:: 21/Aug/15 07:24