hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Edward Capriolo (JIRA)" <>
Subject [jira] Commented: (HIVE-78) Authentication infrastructure for Hive
Date Wed, 15 Apr 2009 16:40:15 GMT


Edward Capriolo commented on HIVE-78:

>> 1) What would be the syntax to create user/passwd combos and logging in?
username and password would come externally. I notice a hadoop Jira on authenticate via Kerb4
and LDAP. We are best off splitting the authentication and authorization as we spoke of above.
user and group are your external posix groups

>> 2) Are the permissions stored in metastore are per user or per table or a combo?

They should be stored in the metastore.  a rule like GRANT * on '*' TO '*' AS my_permission
would have to be stored everywhere and that would be a PITA.

>> 3) Do we really need groups? I don't think MySQL implements groups
 The group is your posix login group. Allowing groups is a simple way to reduce the number
of per user rules.

>> 4) 
Right again. The separation here is we let the authentication system carry all the burden
of username, groups and password. The metastore is only concerned with what that user can
do inside hive. 

> Authentication infrastructure for Hive
> --------------------------------------
>                 Key: HIVE-78
>                 URL:
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Ashish Thusoo
>            Assignee: Edward Capriolo
> Allow hive to integrate with existing user repositories for authentication and authorization

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message