[
https://issues.apache.org/jira/browse/HIVE-16028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei Zheng updated HIVE-16028:
-----------------------------
Resolution: Fixed
Fix Version/s: 2.2.0
Status: Resolved (was: Patch Available)
Committed to master. Thanks Pengcheng for the review!
> Fail UPDATE/DELETE/MERGE queries when Ranger authorization manager is used
> --------------------------------------------------------------------------
>
> Key: HIVE-16028
> URL: https://issues.apache.org/jira/browse/HIVE-16028
> Project: Hive
> Issue Type: Bug
> Components: Authorization, Transactions
> Affects Versions: 2.2.0
> Reporter: Wei Zheng
> Assignee: Wei Zheng
> Fix For: 2.2.0
>
> Attachments: HIVE-16028.1.patch, HIVE-16028.2.patch
>
>
> This is a followup of HIVE-15891. In that jira an error-out logic was added,
> but the assumption that we need to do row filtering/column masking for
> entries in a non-empty list of tables returned by
> applyRowFilterAndColumnMasking is wrong, because on Ranger side,
> RangerHiveAuthorizer#applyRowFilterAndColumnMasking will unconditionally
> return a list of tables no matter whether row filtering/column masking is
> applicable on the tables.
> The fix for Hive for now will be to move the error-out logic after we figure
> out there's no replacement text for the query. But ideally we should consider
> modifying Ranger logic to only return tables that need to be masked.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
