Details
-
Sub-task
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
We need to add authorization support for data connectors in hive. The default behavior should be
1) Connectors can be create/dropped by users in admin role.
2) Connectors have READ and WRITE permissions.
- READ permissions are required to fetch a connector object or fetch all connector names. So to create a REMOTE database using a connector, users will need READ permission on the connector. DDL queries like "show connectors" and "describe <connector>" will check for read access on the connector as well.
- WRITE permissions are required to alter/drop a connector. DDL queries like "alter connector" and "drop connector" will need WRITE access on the connector.
Adding this support, Ranger can integrate with this.
Attachments
Issue Links
- breaks
-
HIVE-25571 Fix Metastore script for Oracle Database
- Resolved
- relates to
-
HIVE-26245 Fix some issues for data connector authorization
- Open
- links to