[HIVE-24705] Create/Alter/Drop tables based on storage handlers in HS2 should be authorized by Ranger/Sentry - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0-alpha-1
Component/s: None
Labels:
- pull-request-available

Description

With doAs=false in Hive3.x, whenever a user is trying to create a table based on storage handlers on external storage for ex: HBase table, the end user we are seeing is hive so we cannot really enforce the condition in Apache Ranger/Sentry on the end-user. So, we need to enforce this condition in the hive in the event of create/alter/drop tables based on storage handlers.

Built-in hive storage handlers like HbaseStorageHandler, KafkaStorageHandler e.t.c should implement a method getURIForAuthentication() which returns a URI that is formed from table properties. This URI can be sent for authorization to Ranger/Sentry.

Attachments

Issue Links

links to

GitHub Pull Request #1931

GitHub Pull Request #1960

Activity

People

Assignee:: Sai Hemanth Gantasala

Reporter:: Sai Hemanth Gantasala

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 29/Jan/21 17:39

Updated:: 17/Nov/22 08:48

Resolved:: 04/Aug/21 15:13

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 50m