hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Gates <alanfga...@gmail.com>
Subject Re: how to set column level privileges
Date Thu, 26 Mar 2015 15:23:55 GMT
Column level permissions was added to Hive default authorization in 
HIVE-5837.  That is why the TBL_COL_PRIV tables exists in the 
metastore.  The problem with default auth is it isn't really secure, as 
anyone can grant anybody (including themselves) any privilege.

  But Allen is correct that it doesn't work with the SQL Standard 
Authorization added in Hive 0.14.  The only method using SQL standard 
auth out of the box is views.  I believe using Apache Ranger (and maybe 
Apache Sentry, I'm not sure) with SQL standard auth you can get column 
level privileges.

Alan.

> Nitin Pawar <mailto:nitinpawar432@gmail.com>
> March 26, 2015 at 4:18
> Column level security in hive was added at HIVE-5837 
> <https://issues.apache.org/jira/browse/HIVE-5837>
>
> It has the PDF link for your readings.
>
> https://cwiki.apache.org/confluence/display/Hive/AuthDev talks about 
> setting column level permissions
>
>
>
>
> -- 
> Nitin Pawar
> Allen <mailto:bjallenwang@sina.com>
> March 26, 2015 at 4:09
>
> Thanks for your replay.
>
> If we handle the privileges by creating views, it will lead to lots of 
> views in our database.
>
> I found there is a table named TBL_COL_PRIV in hive metastore 
> database, maybe this table is related to column privilege,but it is 
> never used in hive. Anybody knew why?
>
>
>
> --------------------------------
>
>
> ----- 原始邮件 -----
> 发件人:Daniel Haviv <daniel.haviv@veracity-group.com>
> 收件人:"user@hive.apache.org" <user@hive.apache.org>
> 主题:Re: how to set column level privileges
> 日期:2015年03月26日 18点42分
>
> Create a view with the permitted columns and handle the privileges for it
>
> Daniel
>
> On 26 במרץ 2015, at 12:40, Allen <bjallenwang@sina.com 
> <mailto:bjallenwang@sina.com>> wrote:
>

Mime
View raw message