Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id A3720200D18 for ; Wed, 27 Sep 2017 01:41:04 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id A1DA71609EB; Tue, 26 Sep 2017 23:41:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id E86191609D7 for ; Wed, 27 Sep 2017 01:41:03 +0200 (CEST) Received: (qmail 10252 invoked by uid 500); 26 Sep 2017 23:41:03 -0000 Mailing-List: contact issues-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list issues@hive.apache.org Received: (qmail 10243 invoked by uid 99); 26 Sep 2017 23:41:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Sep 2017 23:41:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id B6ED3C8A91 for ; Tue, 26 Sep 2017 23:41:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id lRl7vjcvZyp2 for ; Tue, 26 Sep 2017 23:41:02 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id E5AC95FE4F for ; Tue, 26 Sep 2017 23:41:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 19410E0F62 for ; Tue, 26 Sep 2017 23:41:01 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 4FD062427E for ; Tue, 26 Sep 2017 23:41:00 +0000 (UTC) Date: Tue, 26 Sep 2017 23:41:00 +0000 (UTC) From: "Thejas M Nair (JIRA)" To: issues@hive.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HIVE-17606) Improve security for DB notification related APIs MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 26 Sep 2017 23:41:04 -0000 [ https://issues.apache.org/jira/browse/HIVE-17606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181754#comment-16181754 ] Thejas M Nair commented on HIVE-17606: -------------------------------------- Can you also call the authorize method something more specific like authorizeProxyPrivilege(), since its doing a very specific authorization check ? There is more general authorization api provided via pre-event listener, this would help do avoid confusing with that. > Improve security for DB notification related APIs > ------------------------------------------------- > > Key: HIVE-17606 > URL: https://issues.apache.org/jira/browse/HIVE-17606 > Project: Hive > Issue Type: Improvement > Components: Metastore > Reporter: Tao Li > Assignee: Tao Li > Attachments: HIVE-17606.1.patch, HIVE-17606.2.patch, HIVE-17606.3.patch > > > The purpose is to make sure only the superusers which are specified in the proxyuser settings can make the db notification related API calls, since this is supposed to be called by superuser/admin instead of any end user. -- This message was sent by Atlassian JIRA (v6.4.14#64029)