[jira] [Commented] (HIVE-3705) Adding authorization capability to the metastore

Wed, 05 Dec 2012 13:16:02 -0800 

    [ 
https://issues.apache.org/jira/browse/HIVE-3705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510776#comment-13510776
 ] 

Phabricator commented on HIVE-3705:
-----------------------------------

khorgath has commented on the revision "HIVE-3705 [jira] Adding authorization 
capability to the metastore".

INLINE COMMENTS
  
ql/src/java/org/apache/hadoop/hive/ql/security/HadoopDefaultMetastoreAuthenticator.java:27
 Ah, wait, I see what you mean - sorry, some of my response is because I 
thought I was responding to the setHandler() method in the Metastore 
Authorization Provider as opposed to the Metastore Authentication Provider. And 
yes, as of right now, from the authentication side, all we really need is the 
conf, but my point, as you note as well, is from a perspective of thinking 
about what interface makes sense.
  
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationPreEventListener.java:256
 Makes sense, adding.
  
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java:122
 Agreed. Adding docs.
  
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java:168
 Makes sense, changing.
  
ql/src/test/org/apache/hadoop/hive/ql/security/TestAuthorizationPreEventListener.java:44
 That's useful. Changing.

REVISION DETAIL
  https://reviews.facebook.net/D6681

BRANCH
  HIVE-3705

To: JIRA, ashutoshc, khorgath

                
> Adding authorization capability to the metastore
> ------------------------------------------------
>
>                 Key: HIVE-3705
>                 URL: https://issues.apache.org/jira/browse/HIVE-3705
>             Project: Hive
>          Issue Type: New Feature
>          Components: Authorization, Metastore
>            Reporter: Sushanth Sowmyan
>            Assignee: Sushanth Sowmyan
>         Attachments: HIVE-3705.D6681.1.patch, HIVE-3705.D6681.2.patch, 
> HIVE-3705.D6681.3.patch, HIVE-3705.D6681.4.patch, 
> hive-backend-auth.2.git.patch, hive-backend-auth.git.patch, 
> hivesec_investigation.pdf
>
>
> In an environment where multiple clients access a single metastore, and we 
> want to evolve hive security to a point where it's no longer simply 
> preventing users from shooting their own foot, we need to be able to 
> authorize metastore calls as well, instead of simply performing every 
> metastore api call that's made.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to