Hive
  1. Hive
  2. HIVE-7361

using authorization api for RESET, DFS, ADD, DELETE, COMPILE commands

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.14.0
    • Component/s: Authorization
    • Labels:
    • Release Note:
      Hide
      This also changes behavior in SQL std auth -
      reset command is now allowed.
      dfs,add,delete,compile commands are now allowed for the admin user.
      Show
      This also changes behavior in SQL std auth - reset command is now allowed. dfs,add,delete,compile commands are now allowed for the admin user.

      Description

      The only way to disable the commands SET, RESET, DFS, ADD, DELETE and COMPILE that is available currently is to use the hive.security.command.whitelist parameter.

      Some of these commands are disabled using this configuration parameter for security reasons when SQL standard authorization is enabled. However, it gets disabled in all cases.

      If authorization api is used authorize the use of these commands, it will give authorization implementations the flexibility to allow/disallow these commands based on user privileges.

      1. HIVE-7361.5.patch
        74 kB
        Thejas M Nair
      2. HIVE-7361.4.patch
        75 kB
        Thejas M Nair
      3. HIVE-7361.3.patch
        76 kB
        Thejas M Nair
      4. HIVE-7361.2.patch
        65 kB
        Thejas M Nair
      5. HIVE-7361.1.patch
        61 kB
        Thejas M Nair

        Issue Links

          Activity

          Thejas M Nair made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Lefty Leverenz made changes -
          Link This issue is related to HIVE-7456 [ HIVE-7456 ]
          Thejas M Nair made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Fix Version/s 0.14.0 [ 12326450 ]
          Resolution Fixed [ 1 ]
          Thejas M Nair made changes -
          Attachment HIVE-7361.5.patch [ 12656400 ]
          Thejas M Nair made changes -
          Attachment HIVE-7361.4.patch [ 12656325 ]
          Thejas M Nair made changes -
          Release Note This also changes behavior in SQL std auth -
          reset command is now allowed.
          dfs,add,delete,compile commands are now allowed for the admin user.
          Labels TODOC14
          Thejas M Nair made changes -
          Attachment HIVE-7361.3.patch [ 12656158 ]
          Thejas M Nair made changes -
          Attachment HIVE-7361.2.patch [ 12655575 ]
          Thejas M Nair made changes -
          Issue Type Bug [ 1 ] Improvement [ 4 ]
          Thejas M Nair made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Thejas M Nair made changes -
          Attachment HIVE-7361.1.patch [ 12655327 ]
          Thejas M Nair made changes -
          Remote Link This issue links to "review board (Web Link)" [ 15843 ]
          Thejas M Nair made changes -
          Summary using authorization api for SET, RESET, DFS, ADD, DELETE, COMPILE commands using authorization api for RESET, DFS, ADD, DELETE, COMPILE commands
          Thejas M Nair made changes -
          Link This issue is related to HIVE-7364 [ HIVE-7364 ]
          Thejas M Nair made changes -
          Field Original Value New Value
          Link This issue is related to HIVE-7364 [ HIVE-7364 ]
          Thejas M Nair created issue -

            People

            • Assignee:
              Thejas M Nair
              Reporter:
              Thejas M Nair
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development