[HIVE-8045] SQL standard auth with cli - Errors and configuration issues - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.14.0
Component/s: Authorization
Labels:
None

Description

~~HIVE-7533~~ enabled sql std authorization to be set in hive cli (without enabling authorization checks). This updates hive configuration so that create-table and create-views set permissions appropriately for the owner of the table.
~~HIVE-7209~~ added a metastore authorization provider that can be used to restricts calls made to the authorization api, so that only HS2 can make those calls (when HS2 uses embedded metastore).

Some issues were found with this.

Even if hive.security.authorization.enabled=false, authorization checks were happening for non sql statements as add/detete/dfs/compile, which results in MetaStoreAuthzAPIAuthorizerEmbedOnly throwing an error.
Create table from hive-cli ended up calling metastore server api call (getRoles) and resulted in MetaStoreAuthzAPIAuthorizerEmbedOnly throwing an error.
Some users prefer to enable authorization using hive-site.xml for hive-server2 (hive.security.authorization.enabled param). If this file is shared by hive-cli and hive-server2, SQL std authorizer throws an error because is use in hive-cli is not allowed.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-8045.1.patch
17/Sep/14 19:21
59 kB
Thejas Nair
HIVE-8045.2.patch
17/Sep/14 22:26
29 kB
Thejas Nair
HIVE-8045.3.patch
18/Sep/14 21:41
31 kB
Thejas Nair

Issue Links

is related to

HIVE-7759 document hive cli authorization behavior when SQL std auth is enabled

Resolved

links to

review board

Activity

People

Assignee:: Thejas Nair

Reporter:: Jagruti Varia

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Sep/14 22:11

Updated:: 13/Nov/14 19:40

Resolved:: 23/Sep/14 20:42