[HIVE-5928] Add a hive authorization plugin api that does not assume privileges needed - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.13.0
Component/s: Authorization
Labels:
None

Description

The existing HiveAuthorizationProvider interface implementations can be used to support custom authorization models.
But this interface limits the customization for these reasons -
1. It has assumptions about the privileges required for an action.
2. It does have not functions that you can implement for having custom ways of doing the actions of access control statements.

This jira proposes a new interface HiveAuthorizer that does not make assumptions of the privileges required for the actions. The authorize() functions will be equivalent of authorize(<operation type>, <input objects>, <output objects>). It will also have functions that will be called from the access control statements.

The current HiveAuthorizationProvider will continue to be supported for backward compatibility.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

hive_auth_class_preview.txt
06/Jan/14 23:32
2 kB
Thejas Nair
HIVE-5928.1.patch
14/Jan/14 03:47
57 kB
Thejas Nair
HIVE-5928.2.patch
15/Jan/14 23:29
62 kB
Thejas Nair

Issue Links

blocks

HIVE-5929 SQL std auth - Access control statement updates

Resolved

HIVE-6112 SQL std auth - support new privileges INSERT, DELETE

Resolved

links to

reviewboard link

Activity

People

Assignee:: Thejas Nair

Reporter:: Thejas Nair

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 03/Dec/13 21:03

Updated:: 27/Jan/14 23:29

Resolved:: 17/Jan/14 21:26

Time Tracking

Estimated:

120h

Remaining:

Logged: