You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Thejas M Nair (JIRA)" <ji...@apache.org> on 2013/12/03 22:04:35 UTC

[jira] [Created] (HIVE-5928) Add a hive authorization plugin api that does not assume privileges needed

Thejas M Nair created HIVE-5928:
-----------------------------------

             Summary: Add a hive authorization plugin api that does not assume privileges needed
                 Key: HIVE-5928
                 URL: https://issues.apache.org/jira/browse/HIVE-5928
             Project: Hive
          Issue Type: Sub-task
            Reporter: Thejas M Nair


The existing HiveAuthorizationProvider interface implementations can be used to support custom authorization models.
But this interface limits the customization for these reasons -
1. It has assumptions about the privileges required for an action.
2. It does have not functions that you can implement for having custom ways of doing the actions of access control statements.

This jira proposes a new interface HiveBaseAuthorizationProvider that does not make assumptions of the privileges required for the actions. The authorize() functions will be equivalent of authorize(<hive object>, <action>). It will also have functions that will be called from the access control statements.

The current HiveAuthorizationProvider will continue to be supported for backward compatibility. There will be a subclass of HiveBaseAuthorizationProvider that executes actions using this interface.




--
This message was sent by Atlassian JIRA
(v6.1#6144)