Details
-
Improvement
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
None
-
None
Description
At the moment any user in Hive can change any property of Hive. So he can set hive.exec.pre.hooks to hook that implements dangerous code. It would be nice to create roles and assign list of properties that particular role is able to modify. For example, admin role has permissions to change any property, and hive_client can change only hive.txn.timeout.