You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Rajkumar Singh (Jira)" <ji...@apache.org> on 2020/09/23 23:59:00 UTC

[jira] [Created] (HIVE-24194) Query with column mask fail with ParseException if column name has special char

Rajkumar Singh created HIVE-24194:
-------------------------------------

             Summary: Query with column mask fail with ParseException if column name has special char
                 Key: HIVE-24194
                 URL: https://issues.apache.org/jira/browse/HIVE-24194
             Project: Hive
          Issue Type: Bug
          Components: Hive
    Affects Versions: 3.1.2
            Reporter: Rajkumar Singh


hive query with column masking failed with ParseException

Table DDL

{code:java}
CREATE TABLE `emp`( `id` string, `name#` string);
{code}

The following query failed
{code:java}
select `emp`.`id`, `emp`.`name#` from (SELECT `id`, CAST(mask_show_first_n(name#, 4, 'x', 'x', 'x', -1, '1') AS string) AS `name#`, BLOCK__OFFSET__INSIDE__FILE, INPUT__FILE__NAME, ROW__ID FROM `default`.`emp` )`emp`;
{code}


Error: Error while compiling statement: FAILED: ParseException line 1:79 character '#' not supported here (state=42000,code=40000)

quoting manually helped 

{code:java}
select `emp`.`id`, `emp`.`name#` from (SELECT `id`, CAST(mask_show_first_n(`name#`, 4, 'x', 'x', 'x', -1, '1') AS string) AS `name#`, BLOCK__OFFSET__INSIDE__FILE, INPUT__FILE__NAME, ROW__ID FROM `default`.`emp` )`emp`;
{code}

manual query change will not work for Ranger authorizer as following query


{code:java}
select * from emp;
{code}

will be rewritten to 

{code:java}
select `emp`.`id`, `emp`.`name#` from (SELECT `id`, CAST(mask_show_first_n(name#, 4, 'x', 'x', 'x', -1, '1') AS string) AS `name#`, BLOCK__OFFSET__INSIDE__FILE, INPUT__FILE__NAME, ROW__ID FROM `default`.`emp` )`emp`;
{code}

Ranger apply the transformer for column here so we should consider the enclosing the column names in the back-ticks to make it work

https://github.com/apache/ranger/blob/master/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java#L1332

I have opened https://issues.apache.org/jira/browse/RANGER-3009 for Ranger but checking we hive can pass the column name enclosed in back-ticks while passing the priv-object to ranger 

https://github.com/apache/hive/blob/7dd12cd9d77aaaa20f22159062d3c3e5d7bdd127/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java#L11977



--
This message was sent by Atlassian Jira
(v8.3.4#803005)