You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Ma Xiaoyu (JIRA)" <ji...@apache.org> on 2015/07/08 11:26:04 UTC
[jira] [Commented] (SPARK-5159) Thrift server does not respect
hive.server2.enable.doAs=true
[ https://issues.apache.org/jira/browse/SPARK-5159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14618277#comment-14618277 ]
Ma Xiaoyu commented on SPARK-5159:
----------------------------------
I was investigating this issue and it seems doAs in Hiveserver2 code was working. The problem is when it forwarding some event in DAGScheduler, the event goes through different thread and the ticket in receiving side thread is not the same as sending side.
The proxy user became the real user who started the hiveserver2 services.
Is that the root cause?
I might be making patch if so.
> Thrift server does not respect hive.server2.enable.doAs=true
> ------------------------------------------------------------
>
> Key: SPARK-5159
> URL: https://issues.apache.org/jira/browse/SPARK-5159
> Project: Spark
> Issue Type: Bug
> Components: SQL
> Affects Versions: 1.2.0
> Reporter: Andrew Ray
>
> I'm currently testing the spark sql thrift server on a kerberos secured cluster in YARN mode. Currently any user can access any table regardless of HDFS permissions as all data is read as the hive user. In HiveServer2 the property hive.server2.enable.doAs=true causes all access to be done as the submitting user. We should do the same.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org