[jira] [Work logged] (HIVE-25532) Missing authorization info for KILL QUERY command

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HIVE-25532?focusedWorklogId=653211&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-653211
 ]

ASF GitHub Bot logged work on HIVE-25532:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 20/Sep/21 21:16
            Start Date: 20/Sep/21 21:16
    Worklog Time Spent: 10m 
      Work Description: saihemanth-cloudera commented on a change in pull 
request #2649:
URL: https://github.com/apache/hive/pull/2649#discussion_r712518128



##########
File path: service/src/java/org/apache/hive/service/server/KillQueryImpl.java
##########
@@ -116,6 +119,8 @@ public static void killChildYarnJobs(Configuration conf, 
String tag, String doAs
 
   private static boolean isAdmin() {
     boolean isAdmin = false;
+    // RANGER-1851
+    HivePrivilegeObject serviceNameObj = new 
HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.SERVICE_NAME, 
null, "hiveservice");

Review comment:
       LGTM




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 653211)
    Time Spent: 40m  (was: 0.5h)

> Missing authorization info for KILL QUERY command
> -------------------------------------------------
>
>                 Key: HIVE-25532
>                 URL: https://issues.apache.org/jira/browse/HIVE-25532
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>            Reporter: Abhay
>            Assignee: Abhay
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> We added authorization for Kill Query command some time back with the help of 
> Ranger. Below is the ticket https://issues.apache.org/jira/browse/RANGER-1851
> However, we have observed that this hasn't been working as expected. The 
> Ranger service expects Hive to send in a privilege object of the type 
> SERVICE_NAME but we can see below
>  
> [https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/server/KillQueryImpl.java#L131]
>  that it is sending an empty array list. 
>  The Ranger service never throws an exception to this and this results in any 
> user being able to kill any query even though they don't have necessary 
> permissions.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)