You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Abhay Kulkarni (JIRA)" <ji...@apache.org> on 2017/03/27 22:08:41 UTC
[jira] [Created] (RANGER-1477) 'show databases' fails with
access-denied when user doesn't have access to some of the databases
Abhay Kulkarni created RANGER-1477:
--------------------------------------
Summary: 'show databases' fails with access-denied when user doesn't have access to some of the databases
Key: RANGER-1477
URL: https://issues.apache.org/jira/browse/RANGER-1477
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 0.7.0, 1.0.0
Reporter: Abhay Kulkarni
Assignee: Abhay Kulkarni
Fix For: 1.0.0, 0.7.1
Consider the following scenario:
2 database in Hive: db1, db2
2 tables, one in each database: db1.tbl1, db2.tbl2
Ranger: add a resource based policy to allow all access to public on db=; tbl=; col=*
Execute ‘show databases;’ via beeline; it lists both db1 and db2
Atlas: add EXPIRES_ON tag to db2.tbl2 with expiry_date 2016/12/31
Ranger: add a tag-based policy to deny all access to public on for EXPIRES_ON tag with access-after-expiry=true
Execute ‘show databases’ via beeline; the user should see ‘db1’. Instead following error is shown:
Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [admin] does not have [USE] privilege on [null] (state=42000,code=40000)
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)