Metastore thrift api permission

[侯宗田 <zo...@icloud.com>]

Hello,everyone:
I am using HMS thrift api to get metadata of hive table, it is ok in my local host. But I am wondering how is the metastore access permission is being controlled. Is it the metadata can be accessed by thrift client just by the HMS server IP and port or it need extra authentication?

Re: Metastore thrift api permission

[侯宗田 <zo...@icloud.com>]

Thank you for your reply. So, if this parameter, hive.metastore.pre.event.listeners is not set, there will be no authorization, every components can access the metadata.
And, if this parameter, hive.security.metastore.authorization.auth.reads is set to false, everyone can read the metadata, am I right?

   

> 在 2018年5月30日，上午4:50，Thejas Nair <th...@gmail.com> 写道：
> 
> This covers metastore api authorization -
> https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server
> 
> 
> On Tue, May 29, 2018 at 8:29 AM, 侯宗田 <zo...@icloud.com> wrote:
>> Hello,everyone:
>> I am using HMS thrift api to get metadata of hive table, it is ok in my local host. But I am wondering how is the metastore access permission is being controlled. Is it the metadata can be accessed by thrift client just by the HMS server IP and port or it need extra authentication?

Re: Metastore thrift api permission

[Thejas Nair <th...@gmail.com>]

This covers metastore api authorization -
https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server


On Tue, May 29, 2018 at 8:29 AM, 侯宗田 <zo...@icloud.com> wrote:
> Hello,everyone:
> I am using HMS thrift api to get metadata of hive table, it is ok in my local host. But I am wondering how is the metastore access permission is being controlled. Is it the metadata can be accessed by thrift client just by the HMS server IP and port or it need extra authentication?