You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Ruslan Dautkhanov (JIRA)" <ji...@apache.org> on 2016/04/20 00:56:25 UTC

[jira] [Created] (SENTRY-1209) Sentry does not block Hive's cross-schema table renames

Ruslan Dautkhanov created SENTRY-1209:
-----------------------------------------

             Summary: Sentry does not block Hive's cross-schema table renames
                 Key: SENTRY-1209
                 URL: https://issues.apache.org/jira/browse/SENTRY-1209
             Project: Sentry
          Issue Type: Bug
          Components: Core, Hive Binding, Hive Plugin, Sentry
    Affects Versions: 1.5.1
         Environment: CDH 5.5.2
            Reporter: Ruslan Dautkhanov
            Priority: Critical


User Pete 
has read-write access to schema A
has read-only access to schema B

User Pete nevertheless was able to rename/move Hive table 
from schema A to schema B (where he has read-only access):

{quote}
use A;
alter table table_a rename to B.table_a;
{quote}

Hive allows to use rename table syntax to move tables across schemas, not just rename.

Sentry does not check security boundaries in this case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)