Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-2241

Thrift MetaStore interface bypasses authorization checks

    XMLWordPrintableJSON

Details

    Description

      Hive's authorization mechanism works with DML and DDL statements only. Authorization checks are not applied when a Thrift client directly accesses the Metastore's Thrift interface, e.g. create_table(), drop_table(), alter_table(), get_databases(), get_tables(), etc.

      Catalog functions such as get_databases() and get_tables() are directly accessed by JDBC and ODBC drivers.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. HIVE-2876 Need more server side authorization for Hive Metastore operations

          • Major - Major loss of function.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HCATALOG-244 Security in Hcat

          • Major - Major loss of function.
          • Open

          Activity

            People

              enis Enis Soztutar
              cwsteinbach Carl Steinbach
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: