Posted to user@ranger.apache.org by Hanish Bansal <ha...@impetus.co.in> on 2015/06/11 08:19:32 UTC
Hive Update privilege behavior
Hi All,
I am using Ranger (version-0.4.0) hive authorization.
I am facing an issue: For update privileges to a user I have to give both Select AND Update privileges. Otherwise update privileges don't work.
Steps I followed:
1. Create a table "test" in hive.
2. Give privilege of only update to a user, e.g. john.
3. Make connection in hive with the same user. Run update query on "test" table - "Update test SET first_name='pr' where id=124;"
Expected- It should update the table
Actual- Getting exception- "FAILED: HiveAccessControlException Permission denied: user [john] does not have [SELECT] privilege on [default/test/id] (state=42000,code=40000)"
Once providing both privileges 'select' and 'update' to user "john" then it's working fine.
Please let me know the expected behavior.
-------
Thanks & Regards,
Hanish Bansal
________________________________
NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.
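An added example, not part of the original thread and not Ranger code: given the behaviour reported above (on Ranger 0.4.0 an UPDATE is denied unless the user also holds SELECT), this check flags users who can update a table but lack select on some of its columns. The policy records, the schema and the function names are constructed and simplified; they are not Ranger's policy export format.

```python
from fnmatch import fnmatchcase

# Constructed, simplified policy records (assumption: not Ranger's export schema).
POLICIES = [
    {"name": "test-update", "database": "default", "table": "test", "column": "*",
     "grants": {"john": {"update"}, "mary": {"update"}}},
    {"name": "test-read-names", "database": "default", "table": "test",
     "column": "first_name", "grants": {"mary": {"select"}}},
    {"name": "all-access", "database": "*", "table": "*", "column": "*",
     "grants": {"alice": {"select", "update"}}},
]

# Constructed table layout: (database, table) -> column names.
SCHEMA = {("default", "test"): ["id", "first_name"]}


def effective_perms(policies, user, database, table, column):
    """Union of access types granted to `user` by every policy matching the resource."""
    perms = set()
    for p in policies:
        if (fnmatchcase(database, p["database"])
                and fnmatchcase(table, p["table"])
                and fnmatchcase(column, p["column"])):
            perms |= p["grants"].get(user, set())
    return perms


def update_without_select(policies, schema):
    """Map (user, 'db/table') -> columns lacking select, for users who hold update."""
    users = sorted({u for p in policies for u in p["grants"]})
    findings = {}
    for (database, table), columns in schema.items():
        for user in users:
            per_col = {c: effective_perms(policies, user, database, table, c)
                       for c in columns}
            if not any("update" in perms for perms in per_col.values()):
                continue  # user cannot update this table at all
            missing = [c for c, perms in per_col.items() if "select" not in perms]
            if missing:
                findings[(user, f"{database}/{table}")] = missing
    return findings


if __name__ == "__main__":
    for (user, resource), cols in update_without_select(POLICIES, SCHEMA).items():
        print(f"{user}: update on {resource} but no select on {', '.join(cols)}")
```

Each finding names the same kind of resource as the denial in the report, for example `default/test/id` for john.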
RE: Hive Update privilege behavior
Posted by Hanish Bansal <ha...@impetus.co.in>.
Hi Madhan,
I have verified the same without the where clause as well and am getting the same behavior.
I filed a JIRA for this @ https://issues.apache.org/jira/browse/RANGER-547
-------
Thanks & Regards,
Hanish Bansal
________________________________
From: Madhan Neethiraj <mn...@hortonworks.com> on behalf of Madhan Neethiraj <ma...@apache.org>
Sent: Thursday, June 11, 2015 1:04 PM
To: user@ranger.incubator.apache.org
Subject: Re: Hive Update privilege behavior
Hanish,
I think this might be due to "where id=124" in the query - which would require select permission for column "id". Can you try without using a where clause?
Thanks,
Madhan
From: Don Bosco Durai <bo...@apache.org>
Reply-To: "user@ranger.incubator.apache.org" <us...@ranger.incubator.apache.org>
Date: Wednesday, June 10, 2015 at 11:44 PM
To: "user@ranger.incubator.apache.org" <us...@ranger.incubator.apache.org>
Subject: Re: Hive Update privilege behavior
Interesting observation.
Madhan, do we need to add implied permission for update?
Hanish, if you don't mind, can you create a JIRA for this? We can try to resolve this in the next release.
Thanks
Bosco
From: Hanish Bansal <ha...@impetus.co.in>
Reply-To: "user@ranger.incubator.apache.org" <us...@ranger.incubator.apache.org>
Date: Wednesday, June 10, 2015 at 11:19 PM
To: "user@ranger.incubator.apache.org" <us...@ranger.incubator.apache.org>
Subject: Hive Update privilege behavior
Hi All,
I am using Ranger (version-0.4.0) hive authorization.
I am facing an issue: For update privileges to a user I have to give both Select AND Update privileges. Otherwise update privileges don't work.
Steps I followed:
1. Create a table "test" in hive.
2. Give privilege of only update to a user, e.g. john.
3. Make connection in hive with the same user. Run update query on "test" table - "Update test SET first_name='pr' where id=124;"
Expected- It should update the table
Actual- Getting exception- "FAILED: HiveAccessControlException Permission denied: user [john] does not have [SELECT] privilege on [default/test/id] (state=42000,code=40000)"
Once providing both privileges 'select' and 'update' to user "john" then it's working fine.
Please let me know the expected behavior.
-------
Thanks & Regards,
Hanish Bansal
Re: Hive Update privilege behavior
Posted by Madhan Neethiraj <ma...@apache.org>.
Hanish,
I think this might be due to “where id=124” in the query - which would
require select permission for column “id”. Can you try without using a
where clause?
Thanks,
Madhan
From: Don Bosco Durai <bo...@apache.org>
Reply-To: "user@ranger.incubator.apache.org"
<us...@ranger.incubator.apache.org>
Date: Wednesday, June 10, 2015 at 11:44 PM
To: "user@ranger.incubator.apache.org" <us...@ranger.incubator.apache.org>
Subject: Re: Hive Update privilege behavior
Interesting observation.
Madhan, do we need to add implied permission for update?
Hanish, if you don’t mind, can you create a JIRA for this? We can try to
resolve this in the next release.
Thanks
Bosco
From: Hanish Bansal <ha...@impetus.co.in>
Reply-To: "user@ranger.incubator.apache.org"
<us...@ranger.incubator.apache.org>
Date: Wednesday, June 10, 2015 at 11:19 PM
To: "user@ranger.incubator.apache.org" <us...@ranger.incubator.apache.org>
Subject: Hive Update privilege behavior
> Hi All,
>
>
>
> I am using Ranger (version-0.4.0) hive authorization.
>
> I am facing an issue: For update privileges to a user I have to give Select
> AND Update both privilege. Otherwise update privileges don't work.
>
> Steps I followed:
> 1. Create a table "test" in hive.
> 2. Give privilege of only update to a user, e.g. john.
> 3. Make connection in hive with the same user. Run update query on "test"
> table - "Update test SET first_name='pr' where id=124;"
>
> Expected- It should update the table
> Actual- Getting exception- "FAILED: HiveAccessControlException Permission
> denied: user [john] does not have [SELECT] privilege on [default/test/id]
> (state=42000,code=40000)
> "
>
> Once providing both privileges 'select' and 'update' to user "john" then it's
> working fine.
>
> Please let me know the expected behavior.
>
> -------
> Thanks & Regards,
> Hanish Bansal
Re: Hive Update privilege behavior
Posted by Don Bosco Durai <bo...@apache.org>.
Interesting observation.
Madhan, do we need to add implied permission for update?
Hanish, if you don’t mind, can you create a JIRA for this? We can try to
resolve this in the next release.
Thanks
Bosco
From: Hanish Bansal <ha...@impetus.co.in>
Reply-To: "user@ranger.incubator.apache.org"
<us...@ranger.incubator.apache.org>
Date: Wednesday, June 10, 2015 at 11:19 PM
To: "user@ranger.incubator.apache.org" <us...@ranger.incubator.apache.org>
Subject: Hive Update privilege behavior
> Hi All,
>
>
>
> I am using Ranger (version-0.4.0) hive authorization.
>
> I am facing an issue: For update privileges to a user I have to give Select
> AND Update both privilege. Otherwise update privileges don't work.
>
> Steps I followed:
> 1. Create a table "test" in hive.
> 2. Give privilege of only update to a user, e.g. john.
> 3. Make connection in hive with the same user. Run update query on "test"
> table - "Update test SET first_name='pr' where id=124;"
>
> Expected- It should update the table
> Actual- Getting exception- "FAILED: HiveAccessControlException Permission
> denied: user [john] does not have [SELECT] privilege on [default/test/id]
> (state=42000,code=40000)
> "
>
> Once providing both privileges 'select' and 'update' to user "john" then it's
> working fine.
>
> Please let me know the expected behavior.
>
> -------
> Thanks & Regards,
> Hanish Bansal