Hive
  1. Hive
  2. HIVE-7361

using authorization api for RESET, DFS, ADD, DELETE, COMPILE commands

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.14.0
    • Component/s: Authorization
    • Labels:
    • Release Note:
      Hide
      This also changes behavior in SQL std auth -
      reset command is now allowed.
      dfs,add,delete,compile commands are now allowed for the admin user.
      Show
      This also changes behavior in SQL std auth - reset command is now allowed. dfs,add,delete,compile commands are now allowed for the admin user.

      Description

      The only way to disable the commands SET, RESET, DFS, ADD, DELETE and COMPILE that is available currently is to use the hive.security.command.whitelist parameter.

      Some of these commands are disabled using this configuration parameter for security reasons when SQL standard authorization is enabled. However, it gets disabled in all cases.

      If authorization api is used authorize the use of these commands, it will give authorization implementations the flexibility to allow/disallow these commands based on user privileges.

      1. HIVE-7361.1.patch
        61 kB
        Thejas M Nair
      2. HIVE-7361.2.patch
        65 kB
        Thejas M Nair
      3. HIVE-7361.3.patch
        76 kB
        Thejas M Nair
      4. HIVE-7361.4.patch
        75 kB
        Thejas M Nair
      5. HIVE-7361.5.patch
        74 kB
        Thejas M Nair

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Thejas M Nair
              Reporter:
              Thejas M Nair
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development