incubator-ranger git commit: RANGER-1297:Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all columns

You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by rm...@apache.org on 2017/01/07 01:33:30 UTC

incubator-ranger git commit: RANGER-1297:Provide correct Ranger HiveAccessControlException message for DESCRIBE when authorization fails due to lack of SELECT on all columns

Repository: incubator-ranger
Updated Branches:
  refs/heads/master b8dada7b0 -> 1ff410500


RANGER-1297:Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all columns


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1ff41050
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1ff41050
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1ff41050

Branch: refs/heads/master
Commit: 1ff41050015b7be736268f6c84e683121cfffd7b
Parents: b8dada7
Author: rmani <rm...@hortonworks.com>
Authored: Fri Jan 6 17:17:52 2017 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Fri Jan 6 17:17:52 2017 -0800

----------------------------------------------------------------------
 .../authorization/hive/authorizer/RangerHiveAuthorizer.java      | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1ff41050/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index e6230ec..c107b4b 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -406,7 +406,9 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 
 				if(result != null && !result.getIsAllowed()) {
 					String path = resource.getAsString();
-
+					if (hiveOpType == HiveOperationType.DESCTABLE) {
+						path = path + "/*";
+					}
 					throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]",
 														 user, request.getHiveAccessType().name(), path));
 				}