You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafodion.apache.org by "Alice Chen (JIRA)" <ji...@apache.org> on 2015/07/22 20:19:43 UTC
[jira] [Created] (TRAFODION-1095) LP Bug: 1437078 - LOAD fails with
error 4481 even if user has priv
Alice Chen created TRAFODION-1095:
-------------------------------------
Summary: LP Bug: 1437078 - LOAD fails with error 4481 even if user has priv
Key: TRAFODION-1095
URL: https://issues.apache.org/jira/browse/TRAFODION-1095
Project: Apache Trafodion
Issue Type: Bug
Components: sql-security
Reporter: Roberta Marton
Assignee: Roberta Marton
Priority: Critical
Fix For: 1.1 (pre-incubation)
A load operation is failing even when the user has the necessary privileges.
Setup:
Create a hive table:
swhive
drop table teams;
create external table teams
(team_number int,
team_name string,
team_contact string,
team_contact_number string
)
row format delimited fields terminated by '|'
location '/user/hive/exttables/teams'
;
show tables;
quit;
Load hive table in SQL:
sqlci
initialize authorization;
insert into hive.hive.teams values
(1, 'White Socks', 'Sam','4082282222'),
(2, 'Giants', 'Joe', '5102839483'),
(3, 'Cardinals', 'Stella', '9513849384'),
(4, 'Indians', 'Matt', '5128383748'),
(5, 'Tigers', 'Ronit', '6198273827');
Select count(*) from hive.hive.teams;
exit;
In window 1:
sqlci –u sql_user1
create schema user1;
set schema user1;
create table teams
(team_number int not null primary key,
team_name char(20) not null,
team_contact varchar(50) not null,
team_contact_number char (10) not null
)
;
In window 2:
Sqlci –u sql_user2
Set schema user1;
Load with no populate indexes into user1.teams select * from hive.hive.teams;
--should fail with no INSERT and SELECT priv
Back to window 1
Grant insert, select on user1.teams to sql_user2;
Showddl user1.teams;
Back to window 2 – load operations should work but it is still failing
Load with no populate indexes into user1.teams select * from hive.hive.teams;
If I restart window 2, the operation succeeds.
It looks like the table definition cached in NATableCache is not being removed if the table does not have the necessary privileges. On next call, the incorrect cached values are used for privilege checking instead of the correct values.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)