You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Abhay Kulkarni (JIRA)" <ji...@apache.org> on 2017/03/27 22:08:41 UTC

[jira] [Created] (RANGER-1477) 'show databases' fails with access-denied when user doesn't have access to some of the databases

Abhay Kulkarni created RANGER-1477:
--------------------------------------

             Summary: 'show databases' fails with access-denied when user doesn't have access to some of the databases
                 Key: RANGER-1477
                 URL: https://issues.apache.org/jira/browse/RANGER-1477
             Project: Ranger
          Issue Type: Bug
          Components: Ranger
    Affects Versions: 0.7.0, 1.0.0
            Reporter: Abhay Kulkarni
            Assignee: Abhay Kulkarni
             Fix For: 1.0.0, 0.7.1


Consider the following scenario:
2 database in Hive: db1, db2
2 tables, one in each database: db1.tbl1, db2.tbl2
Ranger: add a resource based policy to allow all access to public on db=; tbl=; col=*
Execute ‘show databases;’ via beeline; it lists both db1 and db2
Atlas: add EXPIRES_ON tag to db2.tbl2 with expiry_date 2016/12/31
Ranger: add a tag-based policy to deny all access to public on for EXPIRES_ON tag with access-after-expiry=true
Execute ‘show databases’ via beeline; the user should see ‘db1’. Instead following error is shown:

Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [admin] does not have [USE] privilege on [null] (state=42000,code=40000)




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)