You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Ramesh Mani (Jira)" <ji...@apache.org> on 2019/12/05 17:24:00 UTC
[jira] [Commented] (RANGER-2664) filterListCmdObjects does not work
in sql 'show databases'
[ https://issues.apache.org/jira/browse/RANGER-2664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16988998#comment-16988998 ]
Ramesh Mani commented on RANGER-2664:
-------------------------------------
[~starphin] For "Show database" user just need any permission on Database to get authorized.
filterListCmdObjects should be filtering out the database which user don't have access to. This is the behavior.
Ranger has HMS plugin which will be used for filtering the metastore api calls.
Are you referring to beeline HiveSever2 api calls or HMS api calls? In which version of Ranger you are verifying this?
> filterListCmdObjects does not work in sql 'show databases'
> ----------------------------------------------------------
>
> Key: RANGER-2664
> URL: https://issues.apache.org/jira/browse/RANGER-2664
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: star
> Priority: Major
> Attachments: ranger-2664.patch
>
>
> In hive plugin, when execute sql 'show databases',
> privilege HiveAccessType.USE is required on database '*'. If it is authorized USE privilege, all database will be showed. If not, the sql will be stuck when checking privilege.
> To solve the problem, just let the sql 'show databases' pass through when METASTORE_FILTER_HOOK is set as AuthorizationMetaStoreFilterHook. Privilege HiveAccessType.USE is not required on database '*'.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)