hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gopal V <gop...@apache.org>
Subject Re: Enabling Tez sessions on HiveServer2
Date Fri, 05 Dec 2014 02:32:45 GMT
On 12/3/14, 3:34 PM, Pala M Muthaia wrote:
> I didn't know doAs needs to be turned off. But I don't think that is
> something to give up - users create tables, manage data, query etc, and we
> need the queries/jobs to run as the user who submitted them for various
> purposes including authorization, auditing, table ownership etc.

Not sure if you're trying to use HiveServer2 with ACL'd tables.

https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-Configuration

clearly indicates that to fully secure a HiveServer2 install for role 
based authorization, doAs has to be turned off for the query execution.

doAs=false is required for authorization, auditing and table ownership 
to work correctly.

Cheers,
Gopal

Mime
View raw message