Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-13123

Explore query on streams fails in an impersonated namespace with authorization enabled

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.3.3
    • Fix Version/s: 5.0.0, 4.3.4
    • Component/s: Security
    • Labels:
    • Release Notes:
      Fixed a bug that stream hive exploration query does not work in an impersonated namespace.
    • Rank:
      1|i00ax3:

      Description

      In https://github.com/caskdata/cdap/pull/9092, we had a regressive bug about the stream explore query. We try to access the owner store before we check the current ugi is able to impersonate. If the user does not have access the owner store, an UnAuthorizedException is thrown.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                yaojie Yaojie Feng
                Reporter:
                yaojie Yaojie Feng
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: