Posted to commits@pig.apache.org by Apache Wiki <wi...@apache.org> on 2010/12/07 23:24:53 UTC

[Pig Wiki] Update of "Howl/AuthorizationImplNotes" by AshutoshChauhan

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Pig Wiki" for change notification.

The "Howl/AuthorizationImplNotes" page has been changed by AshutoshChauhan.
http://wiki.apache.org/pig/Howl/AuthorizationImplNotes

--------------------------------------------------

New page:
A few notes on the current (12/7/2010) implementation of authorization in Howl.

The warehouse dir is a system-wide property and is configurable. It is considered the root data dir. It will have 777 permissions, so everyone can create dirs (and thus tables in Howl) in it.

Enumerating all the possible directory hierarchies in Howl. Everything in the following paths is a dir except for part-00000, which is a file.
||<tablewidth="1157px" tableheight="285px" tablestyle="text-align:left">Unpartitioned table with no database ||/user/hive/warehouse/mytable/part-00000 ||
||Partitioned table with no database ||/user/hive/warehouse/mytable/p1/part-00000 ||
||Unpartitioned table with database ||/user/hive/warehouse/mydatabase.db/mytable/part-00000 ||
||Partitioned table with database ||/user/hive/warehouse/mydatabase.db/mytable/p1/part-00000 ||




 * If the user didn’t specify any permissions in his Create Table/DB statement, all dirs and files get created with the default permission (which with current umask settings translates into 700).
 * If he did specify them, then those will be used. Partitions (at all levels) and files inherit the table-dir permissions.
 * A user is allowed to create a table (with no location specified) only if he has write permission on the parent directory (which will be either the warehouse/ dir or the mydatabase.db/ dir).
 * When a location is specified in the create table statement, the user must have write permission on the specified location.
 * Different users can create tables in a db if they have the appropriate privilege.
 * Such table directories will have the creating user as owner, not the owner of the database directory.
 * Since a partition is created as a whole in a given job, all the files in a given partition of a table can only be owned by one user. The same holds true for all the files in a non-partitioned table as well.
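
The rules listed above for tables created without an explicit location, modelled as an added example (this is not Howl code and not part of the wiki page). `WarehouseModel` and its methods are hypothetical names, the users are constructed, and the model assumes only owner and other permission bits matter (groups and the filesystem superuser are ignored).

```python
# Constructed model of the directory-permission rules described above; not Howl code.
WAREHOUSE = "/user/hive/warehouse"
DEFAULT_MODE = 0o700   # default permission under the umask settings the page mentions


class WarehouseModel:
    def __init__(self):
        # path -> (owner, mode); the warehouse root is 777 as the page states.
        # The owner name "hive" is a constructed sample value.
        self.dirs = {WAREHOUSE: ("hive", 0o777)}

    def can_write(self, user, path):
        owner, mode = self.dirs[path]
        # Assumption: owner bits apply to the owner, other bits to everyone else.
        bits = (mode >> 6) if user == owner else mode
        return bool(bits & 0o2)

    def _mkdir(self, user, parent, name, mode):
        # Creation requires write permission on the parent directory.
        if not self.can_write(user, parent):
            raise PermissionError(f"{user} has no write permission on {parent}")
        path = f"{parent}/{name}"
        self.dirs[path] = (user, mode)   # the creating user owns the new dir
        return path

    def create_database(self, user, db, mode=None):
        return self._mkdir(user, WAREHOUSE, f"{db}.db",
                           DEFAULT_MODE if mode is None else mode)

    def create_table(self, user, table, db=None, mode=None):
        # Parent is either the warehouse dir or the database dir.
        parent = f"{WAREHOUSE}/{db}.db" if db else WAREHOUSE
        return self._mkdir(user, parent, table,
                           DEFAULT_MODE if mode is None else mode)

    def add_partition(self, user, table_path, part):
        # Partitions inherit the table dir's permissions.
        return self._mkdir(user, table_path, part, self.dirs[table_path][1])


if __name__ == "__main__":
    m = WarehouseModel()
    m.create_database("alice", "shared", mode=0o777)
    t = m.create_table("bob", "mytable", db="shared")
    print(t, m.dirs[t][0], oct(m.dirs[t][1]))
```

With the default 700 on a database dir, only its owner can create tables in it; other users need the database to be created with wider permissions.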