[
https://issues.apache.org/jira/browse/HIVE-7209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lefty Leverenz updated HIVE-7209:
---------------------------------
Labels: (was: TODOC14)
> allow metastore authorization api calls to be restricted to certain invokers
> ----------------------------------------------------------------------------
>
> Key: HIVE-7209
> URL: https://issues.apache.org/jira/browse/HIVE-7209
> Project: Hive
> Issue Type: Bug
> Components: Authentication, Metastore
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Fix For: 0.14.0
>
> Attachments: HIVE-7209.1.patch, HIVE-7209.2.patch, HIVE-7209.3.patch,
> HIVE-7209.4.patch
>
>
> Any user who has direct access to metastore can make metastore api calls that
> modify the authorization policy.
> The users who can make direct metastore api calls in a secure cluster
> configuration are usually the 'cluster insiders' such as Pig and MR users,
> who are not (securely) covered by the metastore based authorization policy.
> But it makes sense to disallow access from such users as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
