[ https://issues.apache.org/jira/browse/HIVE-3705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510776#comment-13510776 ]
Phabricator commented on HIVE-3705: ----------------------------------- khorgath has commented on the revision "HIVE-3705 [jira] Adding authorization capability to the metastore". INLINE COMMENTS ql/src/java/org/apache/hadoop/hive/ql/security/HadoopDefaultMetastoreAuthenticator.java:27 Ah, wait, I see what you mean - sorry, some of my response is because I thought I was responding to the setHandler() method in the Metastore Authorization Provider as opposed to the Metastore Authentication Provider. And yes, as of right now, from the authentication side, all we really need is the conf, but my point, as you note as well, is from a perspective of thinking about what interface makes sense. ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationPreEventListener.java:256 Makes sense, adding. ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java:122 Agreed. Adding docs. ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java:168 Makes sense, changing. ql/src/test/org/apache/hadoop/hive/ql/security/TestAuthorizationPreEventListener.java:44 That's useful. Changing. REVISION DETAIL https://reviews.facebook.net/D6681 BRANCH HIVE-3705 To: JIRA, ashutoshc, khorgath > Adding authorization capability to the metastore > ------------------------------------------------ > > Key: HIVE-3705 > URL: https://issues.apache.org/jira/browse/HIVE-3705 > Project: Hive > Issue Type: New Feature > Components: Authorization, Metastore > Reporter: Sushanth Sowmyan > Assignee: Sushanth Sowmyan > Attachments: HIVE-3705.D6681.1.patch, HIVE-3705.D6681.2.patch, > HIVE-3705.D6681.3.patch, HIVE-3705.D6681.4.patch, > hive-backend-auth.2.git.patch, hive-backend-auth.git.patch, > hivesec_investigation.pdf > > > In an environment where multiple clients access a single metastore, and we > want to evolve hive security to a point where it's no longer simply > preventing users from shooting their own foot, we need to be able to > authorize metastore calls as well, instead of simply performing every > metastore api call that's made. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira