hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Namit Jain (JIRA)" <>
Subject [jira] Commented: (HIVE-78) Authorization infrastructure for Hive
Date Tue, 16 Nov 2010 06:43:16 GMT


Namit Jain commented on HIVE-78:

      //do the authorization check
385         if (HiveConf.getBoolVar(conf,
386                   HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
387                           boolean pass = doAuthorization(sem);
388                                   if (!pass) {
389                                             console.printError("Authrizatio\
n failed (not enough privileges found t?
o run the query.).");
390             return (400);
391                     }
392                           }

Can we print the reason which privilege was missing ?

Can we optimize the scenario - we are checking for all partitions one-by-one
both for inputs and outputs ? What if the user/group/role has the table
privilege - we dont need to go over all the partitions one by one.
We can even do this in a follow-up

Why do we need the change in QueryPlan ?

showGrants: should the output have a schema ? Going forwad, it will
be easier for JDBC clients to parse.

No need	to change WriteEntity etc. ?

user cannot be made a reserved word - ~20 tables have a	column called 'user'
in facebook - please check 'role' and 'option'.

SemanticAnalyzer: 3511 not needed

What happens to	replication of roles - needs to	be done

Where are the privileges copied	for a newly created partition ?

> Authorization infrastructure for Hive
> -------------------------------------
>                 Key: HIVE-78
>                 URL:
>             Project: Hive
>          Issue Type: New Feature
>          Components: Metastore, Query Processor, Server Infrastructure
>            Reporter: Ashish Thusoo
>            Assignee: He Yongqiang
>         Attachments: createuser-v1.patch, hive-78-metadata-v1.patch, hive-78-syntax-v1.patch,
HIVE-78.1.nothrift.patch, HIVE-78.1.thrift.patch, HIVE-78.2.nothrift.patch, HIVE-78.2.thrift.patch,
> Allow hive to integrate with existing user repositories for authentication and authorization

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message