You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Deepak Sharma (JIRA)" <ji...@apache.org> on 2015/09/29 18:55:04 UTC
[jira] [Updated] (HIVE-11988) [hive] security issue with hive &
ranger for import table command
[ https://issues.apache.org/jira/browse/HIVE-11988?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Deepak Sharma updated HIVE-11988:
---------------------------------
Assignee: Sushanth Sowmyan
> [hive] security issue with hive & ranger for import table command
> -----------------------------------------------------------------
>
> Key: HIVE-11988
> URL: https://issues.apache.org/jira/browse/HIVE-11988
> Project: Hive
> Issue Type: Bug
> Components: Hive
> Affects Versions: 0.14.0, 1.2.1
> Reporter: Deepak Sharma
> Assignee: Sushanth Sowmyan
> Priority: Critical
> Fix For: 0.14.1, 1.2.2
>
>
> if a user does not have permission to create table in hive , then if the same user import data for a table using following command then , it will have to create table also and that is working successfully , ideally it should not work
> STR:
> ====
> 1. put some raw data in hdfs path /user/user1/tempdata
> 2. in ranger check policy , user1 should not have any permission on any table
> 3. login through user1 into beeline ( obviously it will fail since user doesnt have permission to create table)
> create table tt1(id INT,ff String);
> FAILED: HiveAccessControlException Permission denied: user user1 does not have CREATE privilege on default/tt1 (state=42000,code=40000)
> 4. now try following command to import data into a table ( table should not exist already)
> import table tt1 from '/user/user1/tempdata';
> ER:
> since user1 doesnt have permission to create table so this operation should fail
> AR:
> table is created successfully and data is also imported !!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)