You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Thejas M Nair (JIRA)" <ji...@apache.org> on 2014/02/06 00:28:17 UTC

[jira] [Commented] (HIVE-5837) SQL standard based secure authorization for hive

    [ https://issues.apache.org/jira/browse/HIVE-5837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13892750#comment-13892750 ] 

Thejas M Nair commented on HIVE-5837:
-------------------------------------

The current proposal does not talk about what determines the privilege to create a view and what privileges the creator of view will have on the new view.
Based on my reading of the standard (only looking at select access on views because of what hive supports): View has select with grant for user A creating the view, if user has select-grant on all the input columns in query-expression.
There also seems to be rule about being able to create views without grant privileges on tables (just select), but I think we can just start with allowing on tables for which user has select-with-grant.

The current proposal says that database ownership will determine the privileges to alter and drop table. But this would be a problem for migration, for clusters where there are many tables under a database owned by different users. I propose that we base alter and drop table privilege on ownership of the table instead.


> SQL standard based secure authorization for hive
> ------------------------------------------------
>
>                 Key: HIVE-5837
>                 URL: https://issues.apache.org/jira/browse/HIVE-5837
>             Project: Hive
>          Issue Type: New Feature
>          Components: Authorization
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>         Attachments: SQL standard authorization hive.pdf
>
>
> The current default authorization is incomplete and not secure. The alternative of storage based authorization provides security but does not provide fine grained authorization.
> The proposal is to support secure fine grained authorization in hive using SQL standard based authorization model.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)