Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-5289

HiveServer2 default security configuration changes

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.5.0
    • 1.5.1
    • ambari-server
    • None

    Description

      1.
      For hive server2 startup commandline option, ambari should specify the following configuration values:
      -hiveconf hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
      -hiveconf hive.security.authorization.enabled=true
      -hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator.
      2.
      Ambari has been specifying the config hive.metastore.uris="" . It would be better to stop specifying this. With changes in hive security, there is some overhead of using embedded metastore from hive-server2.
      3.
      There is a new config parameter "hive.users.in.admin.role" that is important to security. If user is specified as value of this config, that user has superuser privileges (meant for a user playing the DBA role).
      This should be set in hive-site.xml (used by metastore server). If it's set a default admin for any other service we can do the same here.

      Attachments

        Issue Links

          links to

          Web Link Review Board

          Activity

            People

              dsen Dmytro Sen
              dsen Dmytro Sen
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: