You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hawq.apache.org by "Hubert Zhang (JIRA)" <ji...@apache.org> on 2017/03/03 08:09:45 UTC

[jira] [Created] (HAWQ-1375) Ranger should always using the current user to do privilege check.

Hubert Zhang created HAWQ-1375:
----------------------------------

             Summary: Ranger should always using the current user to do privilege check.
                 Key: HAWQ-1375
                 URL: https://issues.apache.org/jira/browse/HAWQ-1375
             Project: Apache HAWQ
          Issue Type: Bug
            Reporter: Hubert Zhang
            Assignee: Ed Espino


Failure Case:
{code}
user u1 create table a(i int);
user u2 create view av as select * from a;
user u3 select * from av.
{code}
When ORCA is on, u3 will first ask select privilege as user u3 to Ranger, and then ask select privilege as user u2 to Ranger.
The second check should be removed, since there may be no privilege for u2 to select av even if av is created by u2 in Ranger mode.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)