You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Pengcheng Xiong (JIRA)" <ji...@apache.org> on 2017/02/23 19:28:44 UTC
[jira] [Commented] (HIVE-16028) Fail UPDATE/DELETE/MERGE queries
when Ranger authorization manager is used
[ https://issues.apache.org/jira/browse/HIVE-16028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15881077#comment-15881077 ]
Pengcheng Xiong commented on HIVE-16028:
----------------------------------------
LGTM +1, please add a test. :)
> Fail UPDATE/DELETE/MERGE queries when Ranger authorization manager is used
> --------------------------------------------------------------------------
>
> Key: HIVE-16028
> URL: https://issues.apache.org/jira/browse/HIVE-16028
> Project: Hive
> Issue Type: Bug
> Components: Authorization
> Affects Versions: 2.2.0
> Reporter: Wei Zheng
> Assignee: Wei Zheng
> Attachments: HIVE-16028.1.patch
>
>
> This is a followup of HIVE-15891. In that jira an error-out logic was added, but the assumption that we need to do row filtering/column masking for entries in a non-empty list of tables returned by applyRowFilterAndColumnMasking is wrong, because on Ranger side, RangerHiveAuthorizer#applyRowFilterAndColumnMasking will unconditionally return a list of tables no matter whether row filtering/column masking is applicable on the tables.
> The fix for Hive for now will be to move the error-out logic after we figure out there's no replacement text for the query. But ideally we should consider modifying Ranger logic to only return tables that need to be masked.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)