You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hive.apache.org by Raghavendran Chellappa <ra...@virtusa.com> on 2015/06/08 15:14:14 UTC

Hive custom authorization managers

Hi,

We need to implement the following custom authorization check:
"When a resource/file is accessed, a REST service lookup needs to be done (by passing the resource id & the user name). This REST service will provide a return value saying whether the user has permission to access the resource or not. We need a REST service because the authorization logic is very different from the standard authorization provided by Ranger. Also, the authorization logic needs to consider many contextual information of the resource than just the resource and the user name."

With this in mind, we realize that we need to implement a custom Ranger Plugin. The are the following questions:
1. Can we extend the extend Ranger HIVE plugin and add our call to the REST service? Are there some samples of this?
2. Do we need to implement a new Ranger Plugin for Hive?
3. In the either of the above cases, can we 'chain' the new/customized Ranger Plugin for Hive after the existing Ranger Plugin for Hive? I mean, can we list them as 2 separate plugins in "hive.security.authorization.manager" properties in the hive-site.xml?

thanks,
Raga


Raghavendran Chellappa
Associate Director - Technology
Virtusa Corp.
Mobile: +1-402.677.1413
Virtusa internal VOIP: 89538


-----------------------------------------------------------------------------------------
Virtusa was recently featured in Everest Group's PEAK Matrix for Banking Application Outsourcing,Life Sciences IT Outsourcing and Healthcare Payer Industry IT Outsourcing,Forrester Research's report on major mid-sized offshore IT services vendors, 2013 Forbes List of 100 Best Public Companies In America with revenue less than $1B and won the 2013 Frost & Sullivan Customer Value Leadership Award for System Integration for CEM in Healthcare.

-----------------------------------------------------------------------------------------
This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is intended for the addressee only. Any unauthorized disclosure, use, dissemination, copying, or distribution of this message or any of its attachments or the information contained in this e-mail, or the taking of any action based on it, is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this message.
-----------------------------------------------------------------------------------------