[HIVE-5837] SQL standard based secure authorization for hive - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Component/s: Authorization, SQLStandardAuthorization
Labels:
None

Description

The current default authorization is incomplete and not secure. The alternative of storage based authorization provides security but does not provide fine grained authorization.

The proposal is to support secure fine grained authorization in hive using SQL standard based authorization model.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SQL standard authorization hive.pdf
16/Nov/13 03:38
201 kB
Thejas Nair

Issue Links

is related to

HIVE-6796 Create/drop roles is case-sensitive whereas 'set role' is case insensitive

Resolved

HIVE-6846 allow safe set commands with sql standard authorization

Resolved

HIVE-6919 hive sql std auth select query fails on partitioned tables

Closed

HIVE-2302 Allow grant privileges on granting privileges.

Resolved

HIVE-6667 Need support for "show tables" authorization

Patch Available

HIVE-6827 Disable insecure commands with std sql auth

Resolved

(1 is related to)

Sub-Tasks

SQL std auth - parser changes

Resolved

Thejas Nair

100%

Add a hive authorization plugin api that does not assume privileges needed

Resolved

Thejas Nair

100%

SQL std auth - Access control statement updates

Resolved

Thejas Nair

16%

SQL std auth - implement set roles, show current roles

Resolved

Ashutosh Chauhan

SQL std auth - add metastore get_principals_in_role api, support SHOW PRINCIPALS role_name

Resolved

Thejas Nair

SQL std auth - add list_all_roles to metastore api

Resolved

Unassigned

100%

SQL std auth - get_privilege_set should check role hierarchy

Resolved

Unassigned

SQL std auth - add support to metastore api to list all privileges for a user

Resolved

Unassigned

SQL std auth - support,authorize new 'show grant..' statements

Resolved

Unassigned

10.

SQL std auth - support 'show roles'

Resolved

Navis Ryu

100%

11.

SQL std auth - support DESCRIBE ROLE

Resolved

Thejas Nair

12.

SQL std auth - authorize DESCRIBE ROLE role

Resolved

Thejas Nair

13.

SQL std auth - authorize show all roles, create role, drop role

Resolved

Ashutosh Chauhan

14.

SQL std auth - authorize grant/revoke roles

Resolved

Ashutosh Chauhan

15.

SQL std auth - authorize grant/revoke on table

Resolved

Thejas Nair

100%

16.

SQL std auth - metastore api support for get_privilege_set api that checks specific role

Resolved

Unassigned

100%

17.

SQL std auth - authorize statements that work with paths

Resolved

Thejas Nair

18.

SQL std auth - bootstrap SUPERUSER roles

Resolved

Ashutosh Chauhan

100%

19.

SQL std auth - special handling of PUBLIC role

Resolved

Ashutosh Chauhan

100%

20.

SQL std auth - authorize create database

Resolved

Thejas Nair

21.

sql standard auth should disable commands that impose security risk

Resolved

Ashutosh Chauhan

22.

SQL std auth - support granted-by in grant statements

Resolved

Unassigned

23.

SQL std auth - support new privileges INSERT, DELETE

Resolved

Thejas Nair

100%

24.

SQL std auth - make role/user optional in grant/revoke statements

Resolved

Thejas Nair

25.

support grant/revoke on views - parser changes

Resolved

Ashutosh Chauhan

100%

26.

sql std auth - authorize 'show roles'

Resolved

Ashutosh Chauhan

27.

sql std auth - view authorization should not underlying table. More tests and fixes.

Resolved

Thejas Nair

28.

sql std auth - support 'with admin option' in revoke role metastore api

Closed

Jason Dere

29.

sql std auth - revoke role should support sql standard syntax for admin option

Resolved

Unassigned

30.

sql standard auth - use admin option specified in grant/revoke role statement

Resolved

Ashutosh Chauhan

31.

sql std auth - disallow cycles between roles

Resolved

Thejas Nair

100%

32.

sql std auth - pass username from sessionstate to v2 authorization interface

Resolved

Thejas Nair

100%

33.

sql std auth - document configuration necessary for security

Resolved

Thejas Nair

34.

sql std auth - revoke privileges api in metastore should check grantor user

Resolved

Unassigned

35.

sql std auth - database should have an owner

Resolved

Ashutosh Chauhan

36.

Test authorization_revoke_table_priv.q is failing on trunk

Resolved

Thejas Nair

37.

Disallow transform clause in sql std authorization mode

Resolved

Ashutosh Chauhan

38.

sql std auth - new users in admin role config should get added

Resolved

Ashutosh Chauhan

39.

SQL std auth - revert change for view keyword in grant statement

Resolved

Thejas Nair

40.

SQL std auth - allow grant/revoke roles if user has ADMIN OPTION

Resolved

Ashutosh Chauhan

41.

Restrict function create/drop to admin roles

Resolved

Jason Dere

42.

sql std auth - add command to change owner of database

Resolved

Thejas Nair

43.

SQL std auth - only db owner should be allowed to create table within a db

Resolved

Ashutosh Chauhan

44.

SQL std auth - pass username from hiveserver2 to sessionstate

Resolved

Thejas Nair

45.

"show grant ... on all" fails with NPE

Resolved

Thejas Nair

46.

sql std auth - show grant statement for all principals throws NPE

Resolved

Thejas Nair

47.

Revoke privilege should support revoking of grant option

Closed

Jason Dere

Activity

People

Assignee:: Thejas Nair

Reporter:: Thejas Nair

Votes:: 0 Vote for this issue

Watchers:: 26 Start watching this issue

Dates

Created:: 16/Nov/13 03:36

Updated:: 01/Oct/19 22:07

Resolved:: 15/Sep/14 17:56

Time Tracking

Estimated:

1,284h

Remaining:

632h

Logged:

497.6h

Include sub-tasks

Details

Description

Attachments

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates

Time Tracking

Not Specified