hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raghavendran Chellappa <raghavendr...@virtusa.com>
Subject Hive custom authorization managers
Date Mon, 08 Jun 2015 13:14:14 GMT
Hi,

We need to implement the following custom authorization check:
"When a resource/file is accessed, a REST service lookup needs to be done (by passing the
resource id & the user name). This REST service will provide a return value saying whether
the user has permission to access the resource or not. We need a REST service because the
authorization logic is very different from the standard authorization provided by Ranger.
Also, the authorization logic needs to consider many contextual information of the resource
than just the resource and the user name."

With this in mind, we realize that we need to implement a custom Ranger Plugin. The are the
following questions:
1. Can we extend the extend Ranger HIVE plugin and add our call to the REST service? Are there
some samples of this?
2. Do we need to implement a new Ranger Plugin for Hive?
3. In the either of the above cases, can we 'chain' the new/customized Ranger Plugin for Hive
after the existing Ranger Plugin for Hive? I mean, can we list them as 2 separate plugins
in "hive.security.authorization.manager" properties in the hive-site.xml?

thanks,
Raga


Raghavendran Chellappa
Associate Director - Technology
Virtusa Corp.
Mobile: +1-402.677.1413
Virtusa internal VOIP: 89538


-----------------------------------------------------------------------------------------
Virtusa was recently featured in Everest Group's PEAK Matrix for Banking Application Outsourcing,Life
Sciences IT Outsourcing and Healthcare Payer Industry IT Outsourcing,Forrester Research's
report on major mid-sized offshore IT services vendors, 2013 Forbes List of 100 Best Public
Companies In America with revenue less than $1B and won the 2013 Frost & Sullivan Customer
Value Leadership Award for System Integration for CEM in Healthcare.

-----------------------------------------------------------------------------------------
This message, including any attachments, contains confidential information intended for a
specific individual and purpose, and is intended for the addressee only. Any unauthorized
disclosure, use, dissemination, copying, or distribution of this message or any of its attachments
or the information contained in this e-mail, or the taking of any action based on it, is strictly
prohibited. If you are not the intended recipient, please notify the sender immediately by
return e-mail and delete this message.
-----------------------------------------------------------------------------------------

Mime
View raw message