when authorization
fails due to lack of SELECT on all columns
Repository: incubator-ranger
Updated Branches:
refs/heads/master b8dada7b0 -> 1ff410500
RANGER-1297:Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all columns
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1ff41050
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1ff41050
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1ff41050
Branch: refs/heads/master
Commit: 1ff41050015b7be736268f6c84e683121cfffd7b
Parents: b8dada7
Author: rmani <rm...@hortonworks.com>
Authored: Fri Jan 6 17:17:52 2017 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Fri Jan 6 17:17:52 2017 -0800
----------------------------------------------------------------------
.../authorization/hive/authorizer/RangerHiveAuthorizer.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1ff41050/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index e6230ec..c107b4b 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -406,7 +406,9 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
if(result != null && !result.getIsAllowed()) {
String path = resource.getAsString();
-
+ if (hiveOpType == HiveOperationType.DESCTABLE) {
+ path = path + "/*";
+ }
throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]",
user, request.getHiveAccessType().name(), path));
}
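Review bot: The `/*` suffix added at `if (hiveOpType == HiveOperationType.DESCTABLE)` is keyed on the operation type alone, so every denied DESCTABLE request gets it, whatever level `resource` actually names. If the denied resource can be something other than a table (not visible in this hunk), the message would name a resource that was never evaluated and point an administrator at the wrong policy; consider also checking that the resource is table-level before appending. The literal needs a why-comment, for example `// DESCRIBE requires SELECT on all columns; report the denied resource as <table>/*`. The exception text now differs from `resource.getAsString()`, so if the audit record carries the unmodified string, a denial can no longer be matched verbatim between the two; the diffstat also shows no test pinning the new message. The enclosing method starts and ends outside the hunk.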