You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Loïc C. Chanel (JIRA)" <ji...@apache.org> on 2015/08/21 09:24:46 UTC
[jira] [Resolved] (RANGER-620) Ability to use database when
connecting to it via HiveServer2 without policy authorizing it
[ https://issues.apache.org/jira/browse/RANGER-620?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Loïc C. Chanel resolved RANGER-620.
-----------------------------------
Resolution: Fixed
Fix Version/s: 0.5.0
> Ability to use database when connecting to it via HiveServer2 without policy authorizing it
> -------------------------------------------------------------------------------------------
>
> Key: RANGER-620
> URL: https://issues.apache.org/jira/browse/RANGER-620
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 0.4.0
> Environment: HiveServer2 on Ambari with Ranger plugin enabled
> Reporter: Loïc C. Chanel
> Priority: Critical
> Labels: hiveserver, security
> Fix For: 0.5.0
>
>
> When doing with beeline
> !connect jdbc:hive2://192.168.6.210:10000/db1;principal=hive/hivehost@REALM org.apache.hive.jdbc.HiveDriver
> I can connect to db1, and even make a show tables without having any authorizing policy for these actions.
> And I am sure I have no right to connect and see these tables, because when doing
> !connect jdbc:hive2://192.168.6.210:10000/;principal=hive/hivehost@REALM org.apache.hive.jdbc.HiveDriver
> I can't make a use db1 without the error :
> Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [testuser] does not have [USE] privilege on [db1] (state=42000,code=40000)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)