You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Balaji Ganesan (JIRA)" <ji...@apache.org> on 2015/12/05 02:02:10 UTC

[jira] [Commented] (RANGER-768) Hive Metastore Plugin

    [ https://issues.apache.org/jira/browse/RANGER-768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15042509#comment-15042509 ] 

Balaji Ganesan commented on RANGER-768:
---------------------------------------

Thanks for creating this jira. If we design this right, this would be useful to Pig/Hive CLI users who currently rely only on HDFS permissions. 

> Hive Metastore Plugin
> ---------------------
>
>                 Key: RANGER-768
>                 URL: https://issues.apache.org/jira/browse/RANGER-768
>             Project: Ranger
>          Issue Type: New Feature
>          Components: admin, plugins
>            Reporter: Yan
>
> Currently there is no Ranger processing of Hive table meta store events that could result in privilege modifications. One example is that when a table is renamed by a Hive Server 2 client (the "beeline"), no proper privilege adjustments in Ranger are made to allow/deny previously allowed/denied users the same privileges as before. In addition, more advanced features, such as granting/denying similar accesses to Hive's HDFS data to users that have (or do not have) privileges in the Hive, would require that detailed metadata of the Hive table, the storage info to be specific, be available to Ranger in order to make the corresponding HDFS  data accessible to the Hive users directly.
> This plugin will depend upon the existing Ranger Hive plugin, so it shares the same "service" name as the associated Ranger Hive service deployed, and it will be "co-enabled" with the existing Ranger Hive plugin.
> Design doc will come soon.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)