[
https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12932354#action_12932354
]
Namit Jain commented on HIVE-78:
--------------------------------
Driver:
//do the authorization check
385 if (HiveConf.getBoolVar(conf,
386 HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
387 boolean pass = doAuthorization(sem);
388 if (!pass) {
389 console.printError("Authrizatio\
n failed (not enough privileges found t?
o run the query.).");
390 return (400);
391 }
392 }
Can we print the reason which privilege was missing ?
Can we optimize the scenario - we are checking for all partitions one-by-one
both for inputs and outputs ? What if the user/group/role has the table
privilege - we dont need to go over all the partitions one by one.
We can even do this in a follow-up
Why do we need the change in QueryPlan ?
showGrants: should the output have a schema ? Going forwad, it will
be easier for JDBC clients to parse.
No need to change WriteEntity etc. ?
user cannot be made a reserved word - ~20 tables have a column called 'user'
in facebook - please check 'role' and 'option'.
SemanticAnalyzer: 3511 not needed
What happens to replication of roles - needs to be done
Where are the privileges copied for a newly created partition ?
> Authorization infrastructure for Hive
> -------------------------------------
>
> Key: HIVE-78
> URL: https://issues.apache.org/jira/browse/HIVE-78
> Project: Hive
> Issue Type: New Feature
> Components: Metastore, Query Processor, Server Infrastructure
> Reporter: Ashish Thusoo
> Assignee: He Yongqiang
> Attachments: createuser-v1.patch, hive-78-metadata-v1.patch,
> hive-78-syntax-v1.patch, HIVE-78.1.nothrift.patch, HIVE-78.1.thrift.patch,
> HIVE-78.2.nothrift.patch, HIVE-78.2.thrift.patch, hive-78.diff
>
>
> Allow hive to integrate with existing user repositories for authentication
> and authorization infromation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
