You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Stamatis Zampetakis (Jira)" <ji...@apache.org> on 2021/09/17 12:34:00 UTC
[jira] [Updated] (HIVE-25532) Missing authorization info for KILL
QUERY command
[ https://issues.apache.org/jira/browse/HIVE-25532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stamatis Zampetakis updated HIVE-25532:
---------------------------------------
Summary: Missing authorization info for KILL QUERY command (was: Fix authorization support for Kill Query Command)
> Missing authorization info for KILL QUERY command
> -------------------------------------------------
>
> Key: HIVE-25532
> URL: https://issues.apache.org/jira/browse/HIVE-25532
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Reporter: Abhay
> Assignee: Abhay
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> We added authorization for Kill Query command some time back with the help of Ranger. Below is the ticket https://issues.apache.org/jira/browse/RANGER-1851
> However, we have observed that this hasn't been working as expected. The Ranger service expects Hive to send in a privilege object of the type SERVICE_NAME but we can see below
> [https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/server/KillQueryImpl.java#L131] that it is sending an empty array list.
> The Ranger service never throws an exception to this and this results in any user being able to kill any query even though they don't have necessary permissions.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)