hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Dere (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-8045) SQL standard auth with cli - Errors and configuration issues
Date Wed, 17 Sep 2014 21:22:34 GMT

    [ https://issues.apache.org/jira/browse/HIVE-8045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138004#comment-14138004
] 

Jason Dere commented on HIVE-8045:
----------------------------------

Couple comments on RB.
The docs will also need to be updated to reflect the supported auth configurations, for both
HS2 and CLI. Might want to keep them separate from any such configurations supported in 0.13,
since it looks like there are some differences now.

> SQL standard auth with cli - Errors and configuration issues
> ------------------------------------------------------------
>
>                 Key: HIVE-8045
>                 URL: https://issues.apache.org/jira/browse/HIVE-8045
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>            Reporter: Jagruti Varia
>            Assignee: Thejas M Nair
>         Attachments: HIVE-8045.1.patch
>
>
> HIVE-7533 enabled sql std authorization to be set in hive cli (without enabling authorization
checks). This updates hive configuration so that create-table and create-views set permissions
appropriately for the owner of the table.
> HIVE-7209 added a metastore authorization provider that can be used to restricts calls
made to the authorization api, so that only HS2 can make those calls (when HS2 uses embedded
metastore).
> Some issues were found with this.
> # Even if hive.security.authorization.enabled=false, authorization checks were happening
for non sql statements as add/detete/dfs/compile, which results in MetaStoreAuthzAPIAuthorizerEmbedOnly
throwing an error.
> # Create table from hive-cli ended up calling metastore server api call (getRoles) and
resulted in  MetaStoreAuthzAPIAuthorizerEmbedOnly throwing an error.
> # Some users prefer to enable authorization using hive-site.xml for hive-server2 (hive.security.authorization.enabled
param). If this file is shared by hive-cli and hive-server2,  SQL std authorizer throws an
error because is use in hive-cli is not allowed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message