Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-7361

using authorization api for RESET, DFS, ADD, DELETE, COMPILE commands

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.14.0
    • Component/s: Authorization
    • Labels:
    • Release Note:
      Hide
      This also changes behavior in SQL std auth -
      reset command is now allowed.
      dfs,add,delete,compile commands are now allowed for the admin user.
      Show
      This also changes behavior in SQL std auth - reset command is now allowed. dfs,add,delete,compile commands are now allowed for the admin user.

      Description

      The only way to disable the commands SET, RESET, DFS, ADD, DELETE and COMPILE that is available currently is to use the hive.security.command.whitelist parameter.

      Some of these commands are disabled using this configuration parameter for security reasons when SQL standard authorization is enabled. However, it gets disabled in all cases.

      If authorization api is used authorize the use of these commands, it will give authorization implementations the flexibility to allow/disallow these commands based on user privileges.

        Attachments

        1. HIVE-7361.5.patch
          74 kB
          Thejas M Nair
        2. HIVE-7361.4.patch
          75 kB
          Thejas M Nair
        3. HIVE-7361.3.patch
          76 kB
          Thejas M Nair
        4. HIVE-7361.2.patch
          65 kB
          Thejas M Nair
        5. HIVE-7361.1.patch
          61 kB
          Thejas M Nair

          Issue Links

            Activity

              People

              • Assignee:
                thejas Thejas M Nair
                Reporter:
                thejas Thejas M Nair
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: