hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Edward Capriolo (JIRA)" <>
Subject [jira] Commented: (HIVE-78) Authentication infrastructure for Hive
Date Thu, 17 Sep 2009 22:19:58 GMT


Edward Capriolo commented on HIVE-78:


I think, I can explain why AS made sense at the time. My plan was not to decouple users from
a rule. See my little patch.

+struct AccessControl {
+  1: list<string>	user,
+  2: list<string>	group,
+  3: list<string>	database,
+  4: list<string>	table,
+  5: list<string>	partition,
+  6: list<string>	column,
+  7: list<string>	priv,
+  8: string		name

I wanted to be more or less immutable or support really simple syntax.

Something like this is doable
GRANT my_permission to USER3;
But it seems to imply that users are decoupled from the rule. 
This is really not true (in my design) a user or group is just another multivalued attribute
of the rule. 

I would like the format to be inter-changable 
ALTER my_permission add db 'db';
ALTER my_permission add table 'db.table';
ALTER my_permission drop table 'db.table';

Above in this Jira see Ashish's comment..

I agree, it is best to punt authentication to the authentication systems (LDAP, kerb etc.
etc.) and concentrate on authorization (privileges) here. 

The goal here is to trust the User/group information as hadoop does, and create a system that
grants/revokes privileges.  Authentication and Authorization are two separate things so our
Jira is misnamed :)

I will review your patch, just to see what you came up with. As I said, you are farther along
then I am, and this has been off my radar so I don't mind passing the baton, but Namit is
right we have to agree on the syntax because and what we are controlling because down the
road it will be an issue.

> Authentication infrastructure for Hive
> --------------------------------------
>                 Key: HIVE-78
>                 URL:
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Ashish Thusoo
>            Assignee: Edward Capriolo
>         Attachments: hive-78-metadata-v1.patch, hive-78-syntax-v1.patch, hive-78.diff
> Allow hive to integrate with existing user repositories for authentication and authorization

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message