Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Any user who has direct access to metastore can make metastore api calls that modify the authorization policy.
The users who can make direct metastore api calls in a secure cluster configuration are usually the 'cluster insiders' such as Pig and MR users, who are not (securely) covered by the metastore based authorization policy. But it makes sense to disallow access from such users as well.
Attachments
Attachments
Issue Links
- is related to
-
HIVE-7759 document hive cli authorization behavior when SQL std auth is enabled
- Resolved
- links to