[AMBARI-5289] HiveServer2 default security configuration changes - ASF JIRA

Log work

Agile Board

Rank to Top

Rank to Bottom

Attach files

Attach Screenshot

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Create sub-task

Convert to sub-task

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.0
Fix Version/s: 1.5.1
Component/s: ambari-server
Labels:
None

Description

1.
For hive server2 startup commandline option, ambari should specify the following configuration values:
-hiveconf hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
-hiveconf hive.security.authorization.enabled=true
-hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator.
2.
Ambari has been specifying the config hive.metastore.uris="" . It would be better to stop specifying this. With changes in hive security, there is some overhead of using embedded metastore from hive-server2.
3.
There is a new config parameter "hive.users.in.admin.role" that is important to security. If user is specified as value of this config, that user has superuser privileges (meant for a user playing the DBA role).
This should be set in hive-site.xml (used by metastore server). If it's set a default admin for any other service we can do the same here.