You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Ramesh Mani (Jira)" <ji...@apache.org> on 2021/10/06 06:25:00 UTC
[jira] [Updated] (RANGER-3464) Handle if exist and if not exist
clause commands authorization correctly in Ranger Hive authorizer.
[ https://issues.apache.org/jira/browse/RANGER-3464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ramesh Mani updated RANGER-3464:
--------------------------------
Description:
Certain command like CREATE VIEW / CREATE TABLE / CREATE MATERIALISED VIEW/ CREATE FUNCTION / DROP VIEW / DROP MATERIALISED VIEW / DROP DATABASE / ALTERVIEW AS have IF EXISTS or IF NOT EXISTS clause and if those commands are run again if table is present or not present depending on the command which is run result in Authorization failure. This is because hive doesn't send the input/output objects for those commands when same command is run again and if the objects are not present.
E.g Following sequence of operation will result in authorization failure.
create table a(id int);
insert into a values(1);
create materialized view if not exists av as select * from a;
create materialized view if not exists av as select * from a;
drop materialized view if exists av;
drop materialized view if exists av; # Error: Error while compiling statement: FAILED: HiveAccessControlException Unable to authorize command: [drop materialized view if exists av] , HivePrivilegeObjects are not available to authorize this command! (state=42000,code=40000)
was:
Certain command like CREATE VIEW / CREATE TABLE / CREATE MATERIALISED VIEW/ CREATE FUNCTION / DROP VIEW / DROP MATERIALISED VIEW / DROP DATABASE / ALTERVIEW AS have IF EXISTS or IF NOT EXISTS clause and if those commands are run again if table is present or not present depending on the command which is run result in Authorization failure. This is because hive doesn't send the input/output objects for those commands when same command is run and if the objects are not present.
E.g Following sequence of operation will result in authorization failure.
create table a(id int);
insert into a values(1);
create materialized view if not exists av as select * from a;
create materialized view if not exists av as select * from a;
drop materialized view if exists av;
drop materialized view if exists av; # Error: Error while compiling statement: FAILED: HiveAccessControlException Unable to authorize command: [drop materialized view if exists av] , HivePrivilegeObjects are not available to authorize this command! (state=42000,code=40000)
> Handle if exist and if not exist clause commands authorization correctly in Ranger Hive authorizer.
> ---------------------------------------------------------------------------------------------------
>
> Key: RANGER-3464
> URL: https://issues.apache.org/jira/browse/RANGER-3464
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0, 2.2.0
> Reporter: Ramesh Mani
> Assignee: Ramesh Mani
> Priority: Major
> Fix For: 3.0.0, 2.2.0
>
>
> Certain command like CREATE VIEW / CREATE TABLE / CREATE MATERIALISED VIEW/ CREATE FUNCTION / DROP VIEW / DROP MATERIALISED VIEW / DROP DATABASE / ALTERVIEW AS have IF EXISTS or IF NOT EXISTS clause and if those commands are run again if table is present or not present depending on the command which is run result in Authorization failure. This is because hive doesn't send the input/output objects for those commands when same command is run again and if the objects are not present.
> E.g Following sequence of operation will result in authorization failure.
> create table a(id int);
> insert into a values(1);
> create materialized view if not exists av as select * from a;
> create materialized view if not exists av as select * from a;
> drop materialized view if exists av;
> drop materialized view if exists av; # Error: Error while compiling statement: FAILED: HiveAccessControlException Unable to authorize command: [drop materialized view if exists av] , HivePrivilegeObjects are not available to authorize this command! (state=42000,code=40000)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)