We have a table (table1) with columns column1 and column2, and a Ranger policy that only grants access to column2.
Doing a "select * from table1" in Beeline gives a permission denied error as expected.
Doing a "select column2 from table1" works as expected.
We created a view on this table - "create view v1 as select * from table1;", and a Ranger policy that grants access to all columns in the view.
Doing a "select * from v1" brings back data from both columns (column1 and column2) in the underlying table even though column1 has been denied access through the Ranger policy on the underlying table.
Is this expected? Shouldn't the Ranger policy on the underlying table be inherited by the View?