ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmytro Sen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-5289) HiveServer2 default security configuration changes
Date Mon, 31 Mar 2014 15:39:14 GMT
Dmytro Sen created AMBARI-5289:
----------------------------------

             Summary: HiveServer2 default security configuration changes
                 Key: AMBARI-5289
                 URL: https://issues.apache.org/jira/browse/AMBARI-5289
             Project: Ambari
          Issue Type: Bug
          Components: controller
    Affects Versions: 1.5.0
            Reporter: Dmytro Sen
            Assignee: Dmytro Sen
             Fix For: 1.5.1


1.
For hive server2 startup commandline option, ambari should specify the following configuration
values:
-hiveconf hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
-hiveconf hive.security.authorization.enabled=true
-hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator.
2.
Ambari has been specifying the config hive.metastore.uris="" . It would be better to stop
specifying this. With changes in hive security, there is some overhead of using embedded metastore
from hive-server2.
3.
There is a new config parameter "hive.users.in.admin.role" that is important to security.
If user is specified as value of this config, that user has superuser privileges (meant for
a user playing the DBA role).
This should be set in hive-site.xml (used by metastore server). If it's set a default admin
for any other service we can do the same here.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message