You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Oleksiy Sayankin (JIRA)" <ji...@apache.org> on 2018/08/24 10:18:00 UTC
[jira] [Updated] (HIVE-20457) Create authorization mechanism for
granting/revoking privileges to change Hive properties
[ https://issues.apache.org/jira/browse/HIVE-20457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleksiy Sayankin updated HIVE-20457:
------------------------------------
Description: At the moment any user in Hive can change any property of Hive. So he can set {{hive.exec.pre.hooks}} to hook that implements dangerous code. It would be nice to create roles and assign list of properties that particular role is able to modify. For example, {{admin}} role has permissions to change any property, and {{hive_client}} can change only {{hive.txn.timeout}}.
> Create authorization mechanism for granting/revoking privileges to change Hive properties
> -----------------------------------------------------------------------------------------
>
> Key: HIVE-20457
> URL: https://issues.apache.org/jira/browse/HIVE-20457
> Project: Hive
> Issue Type: Improvement
> Components: Security
> Reporter: Oleksiy Sayankin
> Assignee: Oleksiy Sayankin
> Priority: Critical
> Labels: authorization
>
> At the moment any user in Hive can change any property of Hive. So he can set {{hive.exec.pre.hooks}} to hook that implements dangerous code. It would be nice to create roles and assign list of properties that particular role is able to modify. For example, {{admin}} role has permissions to change any property, and {{hive_client}} can change only {{hive.txn.timeout}}.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)