You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Pradeep Agrawal (Jira)" <ji...@apache.org> on 2020/07/10 05:35:00 UTC

[jira] [Commented] (RANGER-2858) 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies

    [ https://issues.apache.org/jira/browse/RANGER-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17155145#comment-17155145 ] 

Pradeep Agrawal commented on RANGER-2858:
-----------------------------------------

Patch 2([https://reviews.apache.org/r/72659/]) committed to master : 

[https://github.com/apache/ranger/commit/708085410ff2bbbde5f9343c31cd0a1b45f5efa8]

> 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-2858
>                 URL: https://issues.apache.org/jira/browse/RANGER-2858
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.0.0
>            Reporter: Abhay Kulkarni
>            Assignee: Abhay Kulkarni
>            Priority: Major
>             Fix For: 2.1.0
>
>
> When user has permissions on a few of the databases in security zone policies, "show databases" command is expected to list databases on which the user has some permission in any security zone(s). However, the command fails with the following message.
> ============
>  FAILED: HiveAccessControlException Permission denied: user [behemoth] does not have [USE] privilege on [Unknown resource!!]
>  org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException: Permission denied: user [behemoth] does not have [USE] privilege on [Unknown resource!!]
>  at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:487)
> ============
> Furthermore, command "use <database>" where <database> is name of the database where user has some access in any security zone, succeeds.
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)