hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shreepadma Venugopalan <shreepa...@cloudera.com>
Subject Re: How to prevent user drop table in Hive metadata?
Date Sat, 23 Nov 2013 00:25:40 GMT
Apache Sentry is already available and made its first incubating release a
couple of months back.


On Fri, Nov 22, 2013 at 3:06 PM, Echo Li <echolql@gmail.com> wrote:

> Thanks all, that's all very helpful information.
>
> Shreepadma, when will the Apache Sentry come GA?
>
>
> On Fri, Nov 22, 2013 at 2:36 PM, Shreepadma Venugopalan <
> shreepadma@apache.org> wrote:
>
>> Apache Sentry (incubating) provides fine-grained role-based authorization
>> for Hive among other components of the Hadoop ecosystem. It currently
>> supports fully secure, fine-grained, role-based authorization for Hive and
>> can be used to prevent the scenario described earlier i.e., prevent a user
>> from dropping a table the user shouldn't be allowed to drop.
>>
>> Shreepadma
>>
>>
>> On Fri, Nov 22, 2013 at 12:55 PM, <simon.2.thompson@bt.com> wrote:
>>
>>> Thanks Alan - I'll fwd the spec in the Jira to some of our security and
>>> integrity people for comment.
>>>
>>> Simon
>>> ----
>>> Dr. Simon Thompson
>>>
>>> ________________________________________
>>> From: Alan Gates [gates@hortonworks.com]
>>> Sent: 22 November 2013 20:53
>>> To: user@hive.apache.org
>>> Subject: Re: How to prevent user drop table in Hive metadata?
>>>
>>> See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA
>>> addressing this.
>>>
>>> Also, you can use the StorageBasedAuthorizationProvider in Hive, which
>>> bases metadata security on file security.  So if the user doesn't have
>>> permissions to remove the directory that stores the table data, they won't
>>> have permissions to drop the table.  This isn't perfect, but it's a start.
>>>
>>> Alan.
>>>
>>> On Nov 22, 2013, at 11:49 AM, <simon.2.thompson@bt.com> <
>>> simon.2.thompson@bt.com> wrote:
>>>
>>> > Has no one raised a Jira ticket ?
>>> >
>>> > ----
>>> > Dr. Simon Thompson
>>> >
>>> > ________________________________________
>>> > From: Biswajit Nayak [biswajit.nayak@inmobi.com]
>>> > Sent: 22 November 2013 19:45
>>> > To: user@hive.apache.org
>>> > Subject: Re: How to prevent user drop table in Hive metadata?
>>> >
>>> > Hi Echo,
>>> >
>>> > I dont think there is any to prevent this. I had the same concern in
>>> hbase, but found out that it is assumed that user using the system are very
>>> much aware of it.  I am into hive from last 3 months, was looking for some
>>> kind of way here, but no luck till now..
>>> >
>>> > Thanks
>>> > Biswa
>>> >
>>> > On 23 Nov 2013 01:06, "Echo Li" <echolql@gmail.com<mailto:
>>> echolql@gmail.com>> wrote:
>>> > Good Friday!
>>> >
>>> > I was trying to apply certain level of security in our hive data
>>> warehouse, by modifying access mode of directories and files on hdfs to 755
>>> I think it's good enough for a new user to remove data, however the user
>>> still can drop the table definition in hive cli, seems the "revoke" doesn't
>>> help much, is there any way to prevent this?
>>> >
>>> >
>>> > Thanks,
>>> > Echo
>>> >
>>> > _____________________________________________________________
>>> > The information contained in this communication is intended solely for
>>> the use of the individual or entity to whom it is addressed and others
>>> authorized to receive it. It may contain confidential or legally privileged
>>> information. If you are not the intended recipient you are hereby notified
>>> that any disclosure, copying, distribution or taking any action in reliance
>>> on the contents of this information is strictly prohibited and may be
>>> unlawful. If you have received this communication in error, please notify
>>> us immediately by responding to this email and then delete it from your
>>> system. The firm is neither liable for the proper and complete transmission
>>> of the information contained in this communication nor for any delay in its
>>> receipt.
>>>
>>>
>>> --
>>> CONFIDENTIALITY NOTICE
>>> NOTICE: This message is intended for the use of the individual or entity
>>> to
>>> which it is addressed and may contain information that is confidential,
>>> privileged and exempt from disclosure under applicable law. If the reader
>>> of this message is not the intended recipient, you are hereby notified
>>> that
>>> any printing, copying, dissemination, distribution, disclosure or
>>> forwarding of this communication is strictly prohibited. If you have
>>> received this communication in error, please contact the sender
>>> immediately
>>> and delete it from your system. Thank You.
>>>
>>
>>
>

Mime
View raw message