You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Premchandra Preetham Kukillaya (JIRA)" <ji...@apache.org> on 2015/06/27 14:32:04 UTC

[jira] [Updated] (SPARK-8659) Spark SQL Thrift Server does NOT honour hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory

     [ https://issues.apache.org/jira/browse/SPARK-8659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Premchandra Preetham Kukillaya updated SPARK-8659:
--------------------------------------------------
    Summary: Spark SQL Thrift Server does NOT honour hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory   (was: SQL Standard Based Hive Authorisation of Hive.13 does not work while pointing JDBC Application to Spark Thrift Server. )

> Spark SQL Thrift Server does NOT honour hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory 
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SPARK-8659
>                 URL: https://issues.apache.org/jira/browse/SPARK-8659
>             Project: Spark
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 1.3.1
>         Environment: Linux
>            Reporter: Premchandra Preetham Kukillaya
>
> It seems like while pointing JDBC/ODBC Driver to Spark SQLThrift Service ,the Hive's security  feature SQL based authorisation is not working. It ignores the security settings passed through the command line. The arguments for command line is given below for reference
> The problem is user X can do select on table belonging to user Y, though permission for table is explicitly defined and its a data security risk.
> I am using Hive .13.1 and Spark 1.3.1 and here is the list arguments passed to Spark SQL Thrift Server.
> ./start-thriftserver.sh --hiveconf hive.server2.thrift.port=10001 --hiveconf xxxxhostname.compute.amazonaws.com --hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator --hiveconf hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory --hiveconf hive.server2.enable.doAs=false --hiveconf hive.security.authorization.enabled=true --hiveconf javax.jdo.option.ConnectionURL=jdbc:mysql://localhost:3306/hive?createDatabaseIfNotExist=true --hiveconf javax.jdo.option.ConnectionDriverName=com.mysql.jdbc.Driver --hiveconf javax.jdo.option.ConnectionUserName=hive --hiveconf javax.jdo.option.ConnectionPassword=hive



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org