[ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12932354#action_12932354 ]
Namit Jain commented on HIVE-78: -------------------------------- Driver: //do the authorization check 385 if (HiveConf.getBoolVar(conf, 386 HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) { 387 boolean pass = doAuthorization(sem); 388 if (!pass) { 389 console.printError("Authrizatio\ n failed (not enough privileges found t? o run the query.)."); 390 return (400); 391 } 392 } Can we print the reason which privilege was missing ? Can we optimize the scenario - we are checking for all partitions one-by-one both for inputs and outputs ? What if the user/group/role has the table privilege - we dont need to go over all the partitions one by one. We can even do this in a follow-up Why do we need the change in QueryPlan ? showGrants: should the output have a schema ? Going forwad, it will be easier for JDBC clients to parse. No need to change WriteEntity etc. ? user cannot be made a reserved word - ~20 tables have a column called 'user' in facebook - please check 'role' and 'option'. SemanticAnalyzer: 3511 not needed What happens to replication of roles - needs to be done Where are the privileges copied for a newly created partition ? > Authorization infrastructure for Hive > ------------------------------------- > > Key: HIVE-78 > URL: https://issues.apache.org/jira/browse/HIVE-78 > Project: Hive > Issue Type: New Feature > Components: Metastore, Query Processor, Server Infrastructure > Reporter: Ashish Thusoo > Assignee: He Yongqiang > Attachments: createuser-v1.patch, hive-78-metadata-v1.patch, > hive-78-syntax-v1.patch, HIVE-78.1.nothrift.patch, HIVE-78.1.thrift.patch, > HIVE-78.2.nothrift.patch, HIVE-78.2.thrift.patch, hive-78.diff > > > Allow hive to integrate with existing user repositories for authentication > and authorization infromation. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.