'show databases' fails with access-denied when use...

pengquan21 · ‎08-09-2018

I am working with Ranger the user, ranger, which has access to database default. When Execute ‘show databases;’ via beeline;the user [hive] should see ‘default’. Instead following error is shown:

Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [hive] does not have [USE] privilege on [*] (state=42000,code=40000)

When I changed the policy ' db=default; table=\*; col=\* ' to ' db=\*; table=\*; col=\*' then execute ‘show databases;’ It would be ok.

Ranger verion:1.0.0

Thanks

sandyy006 · ‎08-10-2018

@misaki mei

A user should be having proper permissions on the default database. I quite didn't understand on what was the difference between your two attempts.

pengquan21 · ‎08-10-2018

According to the following link :

https://cwiki.apache.org/confluence/display/RANGER/Hive+Commands+to+Ranger+Permission+Mapping

I add the resource based policy "database=default table=\* column= \* " and the permission is "select". But it failed with access-denied.

And then I modify the policy to "database=\* table=\* column= \* " , it would be ok.

'show databases' fails with access-denied when user has access to some of the databases

'show databases' fails with access-denied when user has access to some of the databases

Re: 'show databases' fails with access-denied when user has access to some of the databases

Re: 'show databases' fails with access-denied when user has access to some of the databases