hive-dev mailing list archives

From "Sushanth Sowmyan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-7209) allow metastore authorization api calls to be restricted to certain invokers
Date Fri, 13 Jun 2014 08:08:01 GMT

    [ https://issues.apache.org/jira/browse/HIVE-7209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14030365#comment-14030365 ]

Sushanth Sowmyan commented on HIVE-7209:
----------------------------------------

Looks good to me. +1.

> allow metastore authorization api calls to be restricted to certain invokers
> ----------------------------------------------------------------------------
>
>                 Key: HIVE-7209
>                 URL: https://issues.apache.org/jira/browse/HIVE-7209
>             Project: Hive
>          Issue Type: Bug
>          Components: Authentication, Metastore
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>         Attachments: HIVE-7209.1.patch, HIVE-7209.2.patch, HIVE-7209.3.patch
>
>
> Any user who has direct access to metastore can make metastore api calls that modify the authorization policy.
> The users who can make direct metastore api calls in a secure cluster configuration are usually the 'cluster insiders' such as Pig and MR users, who are not (securely) covered by the metastore based authorization policy. But it makes sense to disallow access from such users as well.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
