You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Edward Capriolo (JIRA)" <ji...@apache.org> on 2009/03/17 17:46:50 UTC
[jira] Commented: (HIVE-78) Authentication infrastructure for Hive
[ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12682719#action_12682719 ]
Edward Capriolo commented on HIVE-78:
-------------------------------------
We also have to look at this on the file system level. For example, files in my warehouse are owned by the user who created the table.
{quote}
/user/hive/warehouse/edward <dir> 2008-10-30 17:13 rwxr-xr-x edward supergroup
{quote}
Regardless of what permissions are granted in the metastore (via this jira), hadoop ACL governs what a user can do to that file.
This is not an issue in mysql. In a typical mysql deployment all of the data files are owned by a mysql user.
I do not see a clear cut solution for this.
In one scenario we make sure all the files in the warehouse are owned RW to all, or owned by a specific user. A component like HiveServer, CLI, or HWI would decide if the user action would succeed based on the meta data.
The other option is that an operation like 'GRANT SELECT' would have to physically modify the Hadoop ACL/owner. This method will not help us get the fine grained control we desire.
> Authentication infrastructure for Hive
> --------------------------------------
>
> Key: HIVE-78
> URL: https://issues.apache.org/jira/browse/HIVE-78
> Project: Hadoop Hive
> Issue Type: New Feature
> Components: Server Infrastructure
> Reporter: Ashish Thusoo
> Assignee: Edward Capriolo
>
> Allow hive to integrate with existing user repositories for authentication and authorization infromation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.