[ 
https://issues.apache.org/jira/browse/HIVE-3705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498520#comment-13498520
 ] 

Shreepadma Venugopalan commented on HIVE-3705:
----------------------------------------------

@Sushanth: Thanks for posting the document and the patch. Securing the 
metastore is necessary to provide reliable authorization in Hive. I looked at 
the document and the code and have the following high-level questions:

 a) The document contains an example of how the current pluggable authorization 
provider can be exploited to circumvent security. This patch seems to introduce 
a new config param - hive.security.metastore.authorization.manager - that 
allows a pluggable authorization provider. Perhaps I'm missing something here, 
but wondering how we would prevent a user from plugging in their own 
authorization provider. 

 b) The current Hive authorization model exposes semantics that are confusing and 
at times inconsistent. While this patch has moved the auth checks to the 
metastore (IMO, this is the right thing to do) it seems to implement the 
existing semantics. Wondering if there is a plan to fix the semantics at some 
point.

 c) How do we obtain the userid for performing authorization? Are we using the 
authentication id from the Thrift context? If so, how do we handle the case 
where the authentication id is different from the authorization id, e.g., 
HS2 authenticates to the metastore as HS2 but is executing a statement on 
behalf of user 'u1'? Thanks.
                
> Adding authorization capability to the metastore
> ------------------------------------------------
>
>                 Key: HIVE-3705
>                 URL: https://issues.apache.org/jira/browse/HIVE-3705
>             Project: Hive
>          Issue Type: New Feature
>          Components: Authorization, Metastore
>            Reporter: Sushanth Sowmyan
>            Assignee: Sushanth Sowmyan
>         Attachments: HIVE-3705.D6681.1.patch, HIVE-3705.D6681.2.patch, 
> hivesec_investigation.pdf
>
>
> In an environment where multiple clients access a single metastore, and we 
> want to evolve hive security to a point where it's no longer simply 
> preventing users from shooting their own foot, we need to be able to 
> authorize metastore calls as well, instead of simply performing every 
> metastore api call that's made.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
