You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Eugene Chung (Jira)" <ji...@apache.org> on 2020/05/05 06:37:00 UTC
[jira] [Commented] (HIVE-23296) Setting Tez caller ID with the
actual Hive user
[ https://issues.apache.org/jira/browse/HIVE-23296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17099569#comment-17099569 ]
Eugene Chung commented on HIVE-23296:
-------------------------------------
This is the result of my misunderstanding of Hadoop impersonation feature.
> Setting Tez caller ID with the actual Hive user
> -----------------------------------------------
>
> Key: HIVE-23296
> URL: https://issues.apache.org/jira/browse/HIVE-23296
> Project: Hive
> Issue Type: Improvement
> Components: Tez
> Reporter: Eugene Chung
> Assignee: Eugene Chung
> Priority: Major
> Attachments: HIVE-23296.01.patch, Screen Shot 2020-04-24 at 17.20.34.png
>
>
> On the kerberized Hadoop environment, a submitter of an YARN job is the name part of the Hive server principal. A caller ID of the job is made of the OS user of the Hive server process.
> The view and modify ACLs of the Hive server for all Tez tasks are set by org.apache.hadoop.hive.ql.exec.tez.TezTask#setAccessControlsForCurrentUser() so that the admin who has the Hive server principal can see all tasks from tez-ui. But the admin hardly knows who executed each query.
> I suggest to change the caller ID to include the actual Hive user. If the user is not known, the OS user of the Hive server process is included as is.
> The attached picture shows that 'Caller ID' includes 'user1' which is the Kerberos user name of the actual Hive user.
> !Screen Shot 2020-04-24 at 17.20.34.png|width=683,height=29!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)