hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sushanth Sowmyan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-3009) do authorization for all metadata operations
Date Thu, 13 Mar 2014 21:03:47 GMT

    [ https://issues.apache.org/jira/browse/HIVE-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13934051#comment-13934051
] 

Sushanth Sowmyan commented on HIVE-3009:
----------------------------------------

Hi,

This bug's status is now mostly abandoned and should be marked RESOLVED-INVALID. Hive Authorization
has been reworked, and is being tracked over at https://issues.apache.org/jira/browse/HIVE-5837
, following a SQL standard authorization mode.

As part of design, it was decided that metastore-level security for show/describe was difficult
to separate form client-side security, which is inherently insecure, and thus, the truly secure
model is to use something like HiveServer2, lock down the metastore and not allow any outside
access to it, and then use SQL standard authorization on top of that.

> do authorization for all metadata operations
> --------------------------------------------
>
>                 Key: HIVE-3009
>                 URL: https://issues.apache.org/jira/browse/HIVE-3009
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, Metastore
>            Reporter: Thejas M Nair
>            Assignee: Vandana Ayyalasomayajula
>
> Most of the metadata read operations and some write operations are not checking for authorization.

> See org.apache.hadoop.hive.ql.plan.HiveOperation . Operations such as DESCTABLE and DROPDATABASE
have null for required privileges. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message