hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sushanth Sowmyan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-3591) set hive.security.authorization.enabled can be executed by any user
Date Wed, 21 Aug 2013 23:31:53 GMT

    [ https://issues.apache.org/jira/browse/HIVE-3591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13747019#comment-13747019
] 

Sushanth Sowmyan commented on HIVE-3591:
----------------------------------------

[~lmccay] : I wouldn't say "resolved", per se - the issue you bring is a valid one, but one
that does not fit the original hive security design (designed to prevent people from accidentally
doing something dangerous, as opposed to being designed to prevent malicious users). For the
security-conscious, there is currently a work-around(metastore-side security) for the intermediate
case where stronger security is needed.

I think this is an important data point though, for us to consider when trying to nail down
hive security, and there is some intermediate work possible for this in the short run as well(the
above restricted conf idea)
                
> set hive.security.authorization.enabled can be executed by any user
> -------------------------------------------------------------------
>
>                 Key: HIVE-3591
>                 URL: https://issues.apache.org/jira/browse/HIVE-3591
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, CLI, Clients, JDBC
>    Affects Versions: 0.7.1
>         Environment: RHEL 5.6
> CDH U3
>            Reporter: Dev Gupta
>              Labels: Authorization, Security
>
> The property hive.security.authorization.enabled can be set to true or false, by any
user on the CLI, thus circumventing any previously set grants and authorizations. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message