Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Should a Hive view observe the Ranger security policies on columns in the underlying table

Should a Hive view observe the Ranger security policies on columns in the underlying table

New Contributor

We have a table (table1) with columns column1 and column2, and a Ranger policy that only grants access to column2.

Doing a "select * from table1" in Beeline gives a permission denied error as expected.

Doing a "select column2 from table1" works as expected.

We created a view on this table - "create view v1 as select * from table1;", and a Ranger policy that grants access to all columns in the view.

Doing a "select * from v1" brings back data from both columns (column1 and column2) in the underlying table even though column1 has been denied access through the Ranger policy on the underlying table.

Is this expected? Shouldn't the Ranger policy on the underlying table be inherited by the View?

Don't have an account?
Coming from Hortonworks? Activate your account here