I propose that we base alter and drop table privilege on ownership of the table instead.
Ok, would this would deviate from the "SQL Standard"?
Do have any opinion on how to deal with privilege on URI object based on your experience? What should it mean, should it mean the privilege applies to the directory and its sub dirs?
To avoid re-implementing file system permissions I'd suggest that once a prefix to a URI is granted, that all children in that URI are also granted. Of course the file system permissions will still need to be there for the URI to be usable.
Can things like symlinks pose security holes?
There is no way that symlinks can be securely followed in HDFS therefore following symlinks must be disabled for this model to be secure.