You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Don Bosco Durai (JIRA)" <ji...@apache.org> on 2015/11/23 19:15:11 UTC
[jira] [Commented] (RANGER-738) Server-wide control over TRANFORM
clause in Hive
[ https://issues.apache.org/jira/browse/RANGER-738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15022630#comment-15022630 ]
Don Bosco Durai commented on RANGER-738:
----------------------------------------
[~scottgray1], thanks for your suggestions. Would it be more like UDF? Ranger restricts who can upload UDFs, similar are you suggesting we should restrict/allow who can execute TRANSFORM statement?
Thanks
> Server-wide control over TRANFORM clause in Hive
> ------------------------------------------------
>
> Key: RANGER-738
> URL: https://issues.apache.org/jira/browse/RANGER-738
> Project: Ranger
> Issue Type: New Feature
> Components: plugins
> Reporter: Scott C Gray
> Labels: features, security
>
> The TRANFORM statement in Hive is a big security hole with Hive run without impersonation, so when SQL Standard Authorization is enabled, the feature id completely disabled which is a bit of a sledgehammer approach to securing this statement.
> Sentry added support for restricting this statement at a per-user/group level, which should be adopted by Ranger.
> https://issues.apache.org/jira/browse/SENTRY-598
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)