hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ranjith <ranjith.raghuna...@gmail.com>
Subject Re: Is there a way to create user account and grant read only permissions?
Date Sat, 19 May 2012 13:53:05 GMT
How are others setting up hive for use in production? I guess my real question how are many
of us getting around these security gaps?

Thanks,
Ranjith

On May 19, 2012, at 12:05 AM, Bejoy Ks <bejoy_ks@yahoo.com> wrote:

> Hi Ranjith
> 
>      AFAIK Segmenting tables into databases won't help much as, again the Authorization
issues would pop out. An user himself may be able to grant rights to access another db. Different
metastores is an option, but again maintaining all of them is still a hassle, still you can
do it. The fair solution is only on its way. :)
> 
> Regards
> Bejoy  
> 
> From: Ranjith <ranjith.raghunath1@gmail.com>
> To: "user@hive.apache.org" <user@hive.apache.org> 
> Cc: "user@hive.apache.org" <user@hive.apache.org> 
> Sent: Saturday, May 19, 2012 9:53 AM
> Subject: Re: Is there a way to create user account and grant read only permissions?
> 
> Is separate metastores and separate hive servers the only way to go here? Or can we segment
tables into databases and then use hive authorization.
> 
> Thanks,
> Ranjith
> 
> On May 18, 2012, at 11:08 PM, "Bejoy KS" <bejoy_ks@yahoo.com> wrote:
> 
>> Hi patrick
>> The Authorization mechanisms in hive are not as solid as other RDBMS. A user can
grant himself rights and can then drop a table or do whatever operations he likes to do. There
is no super user(admin) and sub user concept in hive yet, but the community is having plans
to implement that in future with strong Authorization mechanisms. 
>> Saying this if the business users are guaranteed not to play with GRANT statements
or rather not change permissions themselves, (But it is hard to guarantee this when the no
of users are large :) ) hive can satisfy your requirement.
>> Regards
>> Bejoy KS
>> 
>> Sent from handheld, please excuse typos.
>> From: "Raghunath, Ranjith" <Ranjith.Raghunath1@usaa.com>
>> Date: Sat, 19 May 2012 00:54:36 +0000
>> To: user@hive.apache.org<user@hive.apache.org>
>> ReplyTo: user@hive.apache.org
>> Subject: RE: Is there a way to create user account and grant read only permissions?
>> 
>> Take a look at this, https://cwiki.apache.org/Hive/languagemanual-auth.html. This
may be what you are looking for .
>>  
>> From: shashwat shriparv [mailto:dwivedishashwat@gmail.com] 
>> Sent: Friday, May 18, 2012 3:08 PM
>> To: user@hive.apache.org
>> Subject: Re: Is there a way to create user account and grant read only permissions?
>>  
>> Check out this
>>  
>> https://ccp.cloudera.com/display/CDHDOC/Hive+Security+Configuration 
>> On Sat, May 19, 2012 at 12:17 AM, Patrick Luo <luo@trulia.com> wrote:
>> My use case requires individual accounts for business users groups. Is there a way
to mimic MySQL (or other database) to create users with read-only permissions? This avoid
business user accidental table drop. Metastore has table ROLES but don’t see documentation
on that. Much appreciated if anyone can point to the documentation or share your thoughts
on this? 
>>  
>> - Patrick 
>>  
>>  
>> 
>> 
>>  
>> -- 
>>            
>> ∞
>> Shashwat Shriparv
>>  
>>  
> 
> 

Mime
View raw message