You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Thejas M Nair (JIRA)" <ji...@apache.org> on 2014/04/05 00:47:19 UTC

[jira] [Resolved] (HIVE-6844) support separate configuration param for enabling authorization using new interface

     [ https://issues.apache.org/jira/browse/HIVE-6844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thejas M Nair resolved HIVE-6844.
---------------------------------

    Resolution: Invalid

I had wrong assumption about storage-based-authorization/metastore side authorization.
This config param hive.security.authorization.enabled is ignored by
the metastore, and it gets used only for client side authorization.
hive.metastore.pre.event.listeners setting can be used to control if metastore authorization is enabled or not.

> support separate configuration param for enabling authorization using new interface
> -----------------------------------------------------------------------------------
>
>                 Key: HIVE-6844
>                 URL: https://issues.apache.org/jira/browse/HIVE-6844
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>
> The existing configuration parameter *hive.security.authorization.enabled* is used for both "SQL query level authorization" at sql query compilation, and at "metatore api authorization" for the thrift metastore api calls. This makes it hard to flexibly/correctly configure the security settings.
> It should be possible to enable "SQL query level authorization" and "metastore api authorization" independently of each other.



--
This message was sent by Atlassian JIRA
(v6.2#6252)