[
https://issues.apache.org/jira/browse/HIVE-11988?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sushanth Sowmyan updated HIVE-11988:
------------------------------------
Attachment: HIVE-11988.4.patch
Updated patch to cover the previous failures.
> [hive] security issue with hive & ranger for import table command
> -----------------------------------------------------------------
>
> Key: HIVE-11988
> URL: https://issues.apache.org/jira/browse/HIVE-11988
> Project: Hive
> Issue Type: Bug
> Components: Hive
> Affects Versions: 0.14.0, 1.2.1
> Reporter: Deepak Sharma
> Assignee: Sushanth Sowmyan
> Priority: Critical
> Attachments: HIVE-11988.2.patch, HIVE-11988.3.patch,
> HIVE-11988.4.patch, HIVE-11988.patch
>
>
> if a user does not have permission to create table in hive , then if the same
> user import data for a table using following command then , it will have to
> create table also and that is working successfully , ideally it should not
> work
> STR:
> ====
> 1. put some raw data in hdfs path /user/user1/tempdata
> 2. in ranger check policy , user1 should not have any permission on any table
> 3. login through user1 into beeline ( obviously it will fail since user
> doesnt have permission to create table)
> create table tt1(id INT,ff String);
> FAILED: HiveAccessControlException Permission denied: user user1 does not
> have CREATE privilege on default/tt1 (state=42000,code=40000)
> 4. now try following command to import data into a table ( table should not
> exist already)
> import table tt1 from '/user/user1/tempdata';
> ER:
> since user1 doesnt have permission to create table so this operation should
> fail
> AR:
> table is created successfully and data is also imported !!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
