Posted to dev@spark.apache.org by t4 <re...@hotmail.com> on 2019/02/16 00:19:47 UTC

SparkThriftServer Authorization design

The goal is to provide the ability to deny/allow access to given tables on a
per-user basis (this is the user connecting via JDBC to Spark Thrift Server,
i.e. with LDAP creds). I.e. user bob can see table A but not table B. User mary
can see table B but not table A.

What are folks' thoughts on the approach?
1. SqlStdAuth like Hive has already (any reason Spark does not have this
yet?)
2. Apache Ranger
3. Cloudera Sentry
4. JSON spec file like 'File Based Authorization' section in
https://github.com/prestodb/presto/blob/master/presto-docs/src/main/sphinx/connector/hive-security.rst



--
Sent from: http://apache-spark-developers-list.1001551.n3.nabble.com/

---------------------------------------------------------------------
To unsubscribe e-mail: dev-unsubscribe@spark.apache.org


Re: SparkThriftServer Authorization design

Posted by Marco Gaido <ma...@gmail.com>.
Is this a feature request or a proposal? If it is the latter, could you
please provide a design doc, so the community can look at it?

Otherwise I think one of the main issues with authorization in STS is that
all the queries are actually run inside the same spark job and hence with
the same user. There are other projects trying to address those
limitations. One of them, for instance, is Livy, where a Thrift server has
been recently introduced in order to overcome some of STS's limitations. So
you might probably want to look at it.

Thanks,
Marco

On Sat, 16 Feb 2019 at 01:19, t4 <re...@hotmail.com> wrote:

> The goal is to provide the ability to deny/allow access to given tables on a
> per-user basis (this is the user connecting via JDBC to Spark Thrift Server,
> i.e. with LDAP creds). I.e. user bob can see table A but not table B. User mary
> can see table B but not table A.
>
> What are folks' thoughts on the approach?
> 1. SqlStdAuth like Hive has already (any reason Spark does not have this
> yet?)
> 2. Apache Ranger
> 3. Cloudera Sentry
> 4. JSON spec file like 'File Based Authorization' section in
> https://github.com/prestodb/presto/blob/master/presto-docs/src/main/sphinx/connector/hive-security.rst
>
>
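
A sketch of option 4 from the first post, added here as an example and not code from the thread, from Spark or from Presto: per-user table rules in a JSON file, evaluated first-match-wins with default deny. The rule field names, the sample rules and the function names are assumptions for illustration; the decision is keyed on the authenticated connection user because, as the reply notes, all queries run inside the same Spark job as the same user.

```python
import json
import re

# Constructed rules file. Field names are assumptions for this example.
RULES_JSON = """
{"tables": [
  {"user": "bob",  "table": "A",         "privileges": ["SELECT"]},
  {"user": "mary", "table": "B",         "privileges": ["SELECT"]},
  {"user": "mary", "table": ".*",        "privileges": []},
  {"user": ".*",   "table": "public_.*", "privileges": ["SELECT"]}
]}
"""


def load_rules(text):
    """Compile each rule's user/table patterns once, keeping file order."""
    rules = []
    for raw in json.loads(text)["tables"]:
        rules.append((
            re.compile(raw.get("user", ".*")),
            # Table names are matched case-insensitively (assumption).
            re.compile(raw.get("table", ".*"), re.IGNORECASE),
            frozenset(p.upper() for p in raw.get("privileges", [])),
        ))
    return rules


def is_allowed(rules, user, table, privilege):
    """First matching rule decides; no matching rule means deny."""
    for user_re, table_re, privileges in rules:
        # fullmatch: the pattern "bob" must not match the user "bobby".
        if user_re.fullmatch(user) and table_re.fullmatch(table):
            return privilege.upper() in privileges
    return False


def denied_tables(rules, session_user, tables, privilege="SELECT"):
    """Return the tables in a query that session_user may not access.

    session_user is the authenticated JDBC/LDAP user of the connection, not
    the account the server process runs as. The caller supplies `tables`.
    """
    return [t for t in tables if not is_allowed(rules, session_user, t, privilege)]


RULES = load_rules(RULES_JSON)
```

Because the first matching rule wins, mary's empty-privilege rule acts as an explicit deny that shadows the later wildcard grant, so rule order in the file is part of the policy.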