You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Jiayi Liu (Jira)" <ji...@apache.org> on 2020/07/03 14:16:00 UTC

[jira] [Updated] (RANGER-2893) show grant on database xxx will fail in ranger hive plugin

     [ https://issues.apache.org/jira/browse/RANGER-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jiayi Liu updated RANGER-2893:
------------------------------
    Attachment: 0001-RANGER-2893.patch

> show grant on database xxx will fail in ranger hive plugin
> ----------------------------------------------------------
>
>                 Key: RANGER-2893
>                 URL: https://issues.apache.org/jira/browse/RANGER-2893
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 2.0.0
>            Reporter: Jiayi Liu
>            Priority: Major
>             Fix For: 2.1.0
>
>         Attachments: 0001-RANGER-2893.patch
>
>
> When we enable Ranger Hive plugin, show grant at the database level will fail, and throw the exception "RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES for Hive resources and not user level". Although we are not showing grants at the user level, but at the database level.
> For example, 
> {code:sql}
> show grant on database default;
> {code}
> and the exception,
> {code:java}
> ERROR : FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. RangerHiveAuthorizer.showPrivileges() error: RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES for Hive resources and not user level
> {code}
> The reason is that the parameter privObj.objectName passed to RangerHiveAuthorizer.showPrivileges is null when show grant at the datatabase level, and the exception "RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES for Hive resources and not user level" will be thrown when objectName is null. The function is normal when the type of privObj is TABLE, because the dbName is the db name and the objectName is the table name. 
> We should check whether the dbName is null instead of check the objectName. We alse need to fix the objectName to "*" when it is null to represent all tables in the db in HivePrivilegeInfo.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)