Hi,
I am finding some inconsistent behavior related to Hive authorization, and I am
wondering if it is a bug or something related to my setup.
I have our "default" database set up to only allow SELECT for user "skrishnan".
But user skrishnan has "ALL" privileges on database "skrishnan".
The following works correctly (I.e user shouldn't be able to create a table in
the default database):
hive> use default;
OK
Time taken: 0.043 seconds
hive> create table skrishnan_test(i int);
Authorization failed:No privilege 'Create' found for outputs {
database:default}. Use show grant to get more details.
However, user skrishnan can indeed create tables in the default database by
doing this:
hive> use skrishnan;
OK
Time taken: 0.038 seconds
hive> create table default.skrishnan_test(i int);
OK
Time taken: 0.34 seconds
That means that the database level authorization is basically circumvented by
first using a database that a user has all privileges to. Is there a setting
that one can use to disable this? Or this is a Hive bug?
Thanks,
Sriram
