You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafodion.apache.org by "Alice Chen (JIRA)" <ji...@apache.org> on 2015/07/22 20:19:43 UTC

[jira] [Created] (TRAFODION-1095) LP Bug: 1437078 - LOAD fails with error 4481 even if user has priv

Alice Chen created TRAFODION-1095:
-------------------------------------

             Summary: LP Bug: 1437078 - LOAD fails with error 4481 even if user has priv
                 Key: TRAFODION-1095
                 URL: https://issues.apache.org/jira/browse/TRAFODION-1095
             Project: Apache Trafodion
          Issue Type: Bug
          Components: sql-security
            Reporter: Roberta Marton
            Assignee: Roberta Marton
            Priority: Critical
             Fix For: 1.1 (pre-incubation)


A load operation is failing even when the user has the necessary privileges.


Setup:

Create a hive table:

swhive

drop table teams;
create external table teams
  (team_number int,
   team_name string,
   team_contact string,
   team_contact_number string
   )
row format delimited fields terminated by '|'
location '/user/hive/exttables/teams'
;
show tables;
quit;

Load hive table in SQL:

sqlci

initialize authorization;
insert into hive.hive.teams values
   (1, 'White Socks', 'Sam','4082282222'),
   (2, 'Giants', 'Joe', '5102839483'),
   (3, 'Cardinals', 'Stella', '9513849384'),
   (4, 'Indians', 'Matt', '5128383748'),
   (5, 'Tigers', 'Ronit', '6198273827');
Select count(*) from hive.hive.teams;
exit;

In window 1:

sqlci –u sql_user1

create schema user1;
set schema user1;
create table teams
  (team_number int not null primary key,
   team_name char(20) not null,
   team_contact varchar(50) not null,
   team_contact_number char (10) not null
   )
  ;

In window 2:

Sqlci –u sql_user2

Set schema user1;
Load with no populate indexes into user1.teams select * from hive.hive.teams;

--should fail with no INSERT and SELECT priv


Back to window 1

Grant insert, select on user1.teams to sql_user2;
Showddl user1.teams;

Back to window 2 – load operations should work but it is still failing

Load with no populate indexes into user1.teams select * from hive.hive.teams;

If I restart window 2, the operation succeeds.

It looks like the table definition cached in NATableCache is not being removed if the table does not have the necessary privileges.  On next call, the incorrect cached values are used for privilege checking instead of the correct values.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)