pig-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Pig Wiki] Update of "Howl/AuthorizationImplNotes" by AshutoshChauhan
Date Tue, 07 Dec 2010 22:24:53 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Pig Wiki" for change notification.

The "Howl/AuthorizationImplNotes" page has been changed by AshutoshChauhan.
http://wiki.apache.org/pig/Howl/AuthorizationImplNotes

--------------------------------------------------

New page:
A few notes on the current (12/7/2010) implementation of Authorization in Howl.

The warehouse dir is a system-wide property and is configurable. It is considered the root data dir. It will have 777 permissions, so everyone can create dirs (and thus tables in Howl) in it.

The following enumerates all the possible directory hierarchies in Howl. Everything in the following paths is a dir except for part-00000, which is a file.
||<tablewidth="1157px" tableheight="285px" tablestyle="text-align:left">Unpartitioned table with no database ||/user/hive/warehouse/mytable/part-00000 ||
||Partitioned table with no database ||/user/hive/warehouse/mytable/p1/part-00000 ||
||Unpartitioned table with database ||/user/hive/warehouse/mydatabase.db/mytable/part-00000 ||
||Partitioned table with database ||/user/hive/warehouse/mydatabase.db/mytable/p1/part-00000 ||




 * If the user didn't specify any permissions in his Create Table/DB statement, all dirs and files get created with the default permission (which with current umask settings translates into 700).
 * If he did specify permissions, then those will be used. Partitions (at all levels) and files inherit the table-dir permissions.
 * A user is allowed to create a table (with no location specified) only if he has write permission on the parent directory (which will be either the warehouse/ dir or the mydatabase.db/ dir).
 * When a location is specified in the create table statement, the user must have write permission on the specified location.
 * Different users can create tables in a db if they have the appropriate privilege.
 * Such table directories will have the creating user as owner, not the owner of the database directory.
 * Since a partition is created as a whole in a given job, all the files in a given partition of a table can only be owned by one user. The same holds true for all the files in a non-partitioned table as well.
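
The rules listed above, as a small in-memory model. This is an added illustration, not part of the wiki page and not Howl's code: the class and method names, the user names and the root owner are hypothetical, groups are ignored, and the write check on partition creation is an assumption.

```python
# Added illustration: in-memory model of the directory rules in the notes above.
# Simplifications (assumptions): groups are ignored, only owner/other bits are
# consulted, and only the no-location form of create table is modelled.
WAREHOUSE = "/user/hive/warehouse"
DEFAULT_MODE = 0o700  # what the notes say the current umask yields
R, W = 4, 2

class Denied(Exception):
    pass

class Warehouse:
    def __init__(self):
        # path -> (owner, mode); the root is 777 per the notes, owner is made up
        self.dirs = {WAREHOUSE: ("hive", 0o777)}

    def allowed(self, user, path, bit):
        owner, mode = self.dirs[path]
        bits = (mode >> 6) if user == owner else mode
        return bool(bits & 7 & bit)

    def _mkdir(self, user, parent, name, mode):
        if not self.allowed(user, parent, W):
            raise Denied(f"{user} has no write permission on {parent}")
        path = f"{parent}/{name}"
        self.dirs[path] = (user, mode)  # owner is the creating user
        return path

    def create_database(self, user, db, mode=DEFAULT_MODE):
        return self._mkdir(user, WAREHOUSE, f"{db}.db", mode)

    def create_table(self, user, table, db=None, mode=DEFAULT_MODE):
        parent = f"{WAREHOUSE}/{db}.db" if db else WAREHOUSE
        return self._mkdir(user, parent, table, mode)

    def add_partition(self, user, table_path, part):
        # Inherits the table dir's mode; the write check here is an assumption.
        return self._mkdir(user, table_path, part, self.dirs[table_path][1])

if __name__ == "__main__":
    wh = Warehouse()
    db = wh.create_database("alice", "mydatabase", mode=0o777)
    tbl = wh.create_table("bob", "mytable", db="mydatabase")
    part = wh.add_partition("bob", tbl, "p1")
    for path in (db, tbl, part):
        owner, mode = wh.dirs[path]
        print(f"{path}  owner={owner}  mode={mode:o}")
    print("alice can read bob's table:", wh.allowed("alice", tbl, R))
```

In this model, a table that another user creates with the default 700 inside someone's database directory is not readable by the database owner, because ownership follows the creating user.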
