hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shreepadma Venugopalan (JIRA)" <>
Subject [jira] [Commented] (HIVE-3705) Adding authorization capability to the metastore
Date Fri, 16 Nov 2012 01:37:11 GMT


Shreepadma Venugopalan commented on HIVE-3705:

@Sushanth: Thanks for posting the document and the patch. Securing the metastore is necessary
to provide reliable authorization in Hive. I looked at the document and the code and have
the following high level questions,

 a)The document contains an example of how the current pluggable authorization provider can
be exploited to circumvent security. This patch seems to introduce a new config param -
- that allows a pluggable authorization provider. Perhaps I'm missing something here, but
wondering how we would prevent a user from plugging in their own authorization provider. 

 b)The current Hive authorization model exposes semantics that is confusing and at times inconsistent.
While this patch has moved the auth checks to the metastore (IMO, this is the right thing
to do) it seems to implement the existing semantics. Wondering if there is a plan to fix the
semantics at some point.

 c)How do we obtain the userid for performing authorization? Are we using the authentication
id from the Thrift context? If so, how do we handle the case where the authentication id is
different from the authorization id, for e.g., HS2 authenticates to the metastore as HS2 but
is executing a statement on behalf of user 'u1'? Thanks.
> Adding authorization capability to the metastore
> ------------------------------------------------
>                 Key: HIVE-3705
>                 URL:
>             Project: Hive
>          Issue Type: New Feature
>          Components: Authorization, Metastore
>            Reporter: Sushanth Sowmyan
>            Assignee: Sushanth Sowmyan
>         Attachments: HIVE-3705.D6681.1.patch, HIVE-3705.D6681.2.patch, hivesec_investigation.pdf
> In an environment where multiple clients access a single metastore, and we want to evolve
hive security to a point where it's no longer simply preventing users from shooting their
own foot, we need to be able to authorize metastore calls as well, instead of simply performing
every metastore api call that's made.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message