hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Namit Jain (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HIVE-78) Authorization infrastructure for Hive
Date Tue, 16 Nov 2010 06:43:16 GMT

    [ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12932354#action_12932354
] 

Namit Jain commented on HIVE-78:
--------------------------------

Driver:
      //do the authorization check
385         if (HiveConf.getBoolVar(conf,
386                   HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
387                           boolean pass = doAuthorization(sem);
388                                   if (!pass) {
389                                             console.printError("Authrizatio\
n failed (not enough privileges found t?
o run the query.).");
390             return (400);
391                     }
392                           }


Can we print the reason which privilege was missing ?



Can we optimize the scenario - we are checking for all partitions one-by-one
both for inputs and outputs ? What if the user/group/role has the table
privilege - we dont need to go over all the partitions one by one.
We can even do this in a follow-up



Why do we need the change in QueryPlan ?

showGrants: should the output have a schema ? Going forwad, it will
be easier for JDBC clients to parse.

No need	to change WriteEntity etc. ?

user cannot be made a reserved word - ~20 tables have a	column called 'user'
in facebook - please check 'role' and 'option'.

SemanticAnalyzer: 3511 not needed


What happens to	replication of roles - needs to	be done


Where are the privileges copied	for a newly created partition ?


> Authorization infrastructure for Hive
> -------------------------------------
>
>                 Key: HIVE-78
>                 URL: https://issues.apache.org/jira/browse/HIVE-78
>             Project: Hive
>          Issue Type: New Feature
>          Components: Metastore, Query Processor, Server Infrastructure
>            Reporter: Ashish Thusoo
>            Assignee: He Yongqiang
>         Attachments: createuser-v1.patch, hive-78-metadata-v1.patch, hive-78-syntax-v1.patch,
HIVE-78.1.nothrift.patch, HIVE-78.1.thrift.patch, HIVE-78.2.nothrift.patch, HIVE-78.2.thrift.patch,
hive-78.diff
>
>
> Allow hive to integrate with existing user repositories for authentication and authorization
infromation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message