You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Naveen Gangam (Jira)" <ji...@apache.org> on 2021/08/04 15:14:00 UTC
[jira] [Resolved] (HIVE-24705) Create/Alter/Drop tables based on
storage handlers in HS2 should be authorized by Ranger/Sentry
[ https://issues.apache.org/jira/browse/HIVE-24705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Naveen Gangam resolved HIVE-24705.
----------------------------------
Fix Version/s: 4.0.0
Resolution: Fixed
Fix has been committed to master. Thanks for the contribution [~hemanth619]
> Create/Alter/Drop tables based on storage handlers in HS2 should be authorized by Ranger/Sentry
> -----------------------------------------------------------------------------------------------
>
> Key: HIVE-24705
> URL: https://issues.apache.org/jira/browse/HIVE-24705
> Project: Hive
> Issue Type: Improvement
> Reporter: Sai Hemanth Gantasala
> Assignee: Sai Hemanth Gantasala
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.0.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> With doAs=false in Hive3.x, whenever a user is trying to create a table based on storage handlers on external storage for ex: HBase table, the end user we are seeing is hive so we cannot really enforce the condition in Apache Ranger/Sentry on the end-user. So, we need to enforce this condition in the hive in the event of create/alter/drop tables based on storage handlers.
> Built-in hive storage handlers like HbaseStorageHandler, KafkaStorageHandler e.t.c should implement a method getURIForAuthentication() which returns a URI that is formed from table properties. This URI can be sent for authorization to Ranger/Sentry.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)