The following flaw was reported in Apache Hive: Some partition-level operations exist that do not explicitly also authorize privileges of the parent table. This can lead to issues when the parent table would have denied the operation, but no denial occurs because the partition-level privilege is not checked by the authorization framework, which defines authorization entities only from the table level upwards. This issue is known to affect Hive clusters protected by both Ranger as well as SqlStdHiveAuthorization. External reference: http://seclists.org/bugtraq/2016/Jan/157
Created hive tracking bugs for this issue: Affects: fedora-all [bug 1303042]
Updated external reference: http://seclists.org/oss-sec/2016/q1/368