hadoop-hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashish Thusoo (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HIVE-78) Authentication infrastructure for Hive
Date Wed, 15 Apr 2009 18:26:14 GMT

    [ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12699306#action_12699306
] 

Ashish Thusoo commented on HIVE-78:
-----------------------------------

I agree, it is best to punt authentication to the authentication systems (LDAP, kerb etc.
etc.) and concentrate on authorization (privileges) here.

About the syntax:

1.  I am not sure what AS is used for.
2. column level permissions are good but they can perhaps be addressed with views and treating
permissions on views as we do for tables.
3. I would add the key word TABLE in the GRANT statement, like mysql because we may have permissions
on User defined functions and types in future... so something like..
   GRANT SELECT ON TABLE 'cat1' TO 'USER1' 
4. Also maybe in the TO clause make the user and group explict - TO USERS a, b, c GROUPS g1,
g2  otherwise the reader of the command may not know what is a group and what is a user. I
presume this would also make the authorization logic somewhat simpler as you would know exactly
what to look for?

About the blocker that you mentioned, we should perhaps let the hadoop file permissions be
independent of Hive ACLs. Of course you need both to be able to do anything on the table.
Can be tricky though.. Will spend a bit more time thinking about this - this looks pretty
cool...


> Authentication infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-78
>                 URL: https://issues.apache.org/jira/browse/HIVE-78
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Ashish Thusoo
>            Assignee: Edward Capriolo
>
> Allow hive to integrate with existing user repositories for authentication and authorization
infromation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message