You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Rajkumar Singh (Jira)" <ji...@apache.org> on 2020/09/23 23:59:00 UTC
[jira] [Created] (HIVE-24194) Query with column mask fail with
ParseException if column name has special char
Rajkumar Singh created HIVE-24194:
-------------------------------------
Summary: Query with column mask fail with ParseException if column name has special char
Key: HIVE-24194
URL: https://issues.apache.org/jira/browse/HIVE-24194
Project: Hive
Issue Type: Bug
Components: Hive
Affects Versions: 3.1.2
Reporter: Rajkumar Singh
hive query with column masking failed with ParseException
Table DDL
{code:java}
CREATE TABLE `emp`( `id` string, `name#` string);
{code}
The following query failed
{code:java}
select `emp`.`id`, `emp`.`name#` from (SELECT `id`, CAST(mask_show_first_n(name#, 4, 'x', 'x', 'x', -1, '1') AS string) AS `name#`, BLOCK__OFFSET__INSIDE__FILE, INPUT__FILE__NAME, ROW__ID FROM `default`.`emp` )`emp`;
{code}
Error: Error while compiling statement: FAILED: ParseException line 1:79 character '#' not supported here (state=42000,code=40000)
quoting manually helped
{code:java}
select `emp`.`id`, `emp`.`name#` from (SELECT `id`, CAST(mask_show_first_n(`name#`, 4, 'x', 'x', 'x', -1, '1') AS string) AS `name#`, BLOCK__OFFSET__INSIDE__FILE, INPUT__FILE__NAME, ROW__ID FROM `default`.`emp` )`emp`;
{code}
manual query change will not work for Ranger authorizer as following query
{code:java}
select * from emp;
{code}
will be rewritten to
{code:java}
select `emp`.`id`, `emp`.`name#` from (SELECT `id`, CAST(mask_show_first_n(name#, 4, 'x', 'x', 'x', -1, '1') AS string) AS `name#`, BLOCK__OFFSET__INSIDE__FILE, INPUT__FILE__NAME, ROW__ID FROM `default`.`emp` )`emp`;
{code}
Ranger apply the transformer for column here so we should consider the enclosing the column names in the back-ticks to make it work
https://github.com/apache/ranger/blob/master/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java#L1332
I have opened https://issues.apache.org/jira/browse/RANGER-3009 for Ranger but checking we hive can pass the column name enclosed in back-ticks while passing the priv-object to ranger
https://github.com/apache/hive/blob/7dd12cd9d77aaaa20f22159062d3c3e5d7bdd127/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java#L11977
--
This message was sent by Atlassian Jira
(v8.3.4#803005)