[
https://issues.apache.org/jira/browse/HIVE-3591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13746980#comment-13746980
]
Thiruvel Thirumoolan commented on HIVE-3591:
--------------------------------------------
[~lmccay] The first approach to authorization was client side. [~sushanth] has
also enabled this on the server side (HCatalog/Metastore) through HIVE-3705.
We enable these features on our HCatalog deployments. Even if the user unsets
these properties, server side changes still take effect and the user can't drop
tables etc. We have tested this for HDFS based authorization. The properties we
used on the HCatalog server are:
  <property>
    <name>hive.security.metastore.authorization.manager</name>
    <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
  </property>
  <property>
    <name>hive.security.metastore.authenticator.manager</name>
    <value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value>
  </property>
  <property>
    <name>hive.metastore.pre.event.listeners</name>
    <value>org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener</value>
  </property>
> set hive.security.authorization.enabled can be executed by any user
> -------------------------------------------------------------------
>
> Key: HIVE-3591
> URL: https://issues.apache.org/jira/browse/HIVE-3591
> Project: Hive
> Issue Type: Bug
> Components: Authorization, CLI, Clients, JDBC
> Affects Versions: 0.7.1
> Environment: RHEL 5.6
> CDH U3
> Reporter: Dev Gupta
> Labels: Authorization, Security
>
> The property hive.security.authorization.enabled can be set to true or false,
> by any user on the CLI, thus circumventing any previously set grants and
> authorizations.
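An added example, not part of the original comment or of Hive itself: a Python check that a metastore hive-site.xml carries the three server-side properties quoted in the comment, so enforcement does not depend on the client-side switch from the issue. The function names and sample XML are constructed for illustration, and treating a value as a comma-separated class list is an assumption.

```python
import xml.etree.ElementTree as ET

# Server-side settings quoted in the comment above (property -> required class).
REQUIRED = {
    "hive.security.metastore.authorization.manager":
        "org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider",
    "hive.security.metastore.authenticator.manager":
        "org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator",
    "hive.metastore.pre.event.listeners":
        "org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener",
}

def load_properties(xml_text):
    """Parse Hadoop-style <configuration> XML into a name -> value dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()  # last definition wins
    return props

def audit_metastore_authz(xml_text):
    """Return a list of findings; an empty list means all three settings are present."""
    props = load_properties(xml_text)
    findings = []
    for name, cls in REQUIRED.items():
        # Assumption: a value may be a comma-separated list of class names.
        classes = [c.strip() for c in props.get(name, "").split(",") if c.strip()]
        if not classes:
            findings.append(f"{name}: not set")
        elif cls not in classes:
            findings.append(f"{name}: {cls} missing (found {', '.join(classes)})")
    return findings

# Constructed sample: only the client-side switch from the issue is set.
CLIENT_ONLY = """<configuration>
  <property><name>hive.security.authorization.enabled</name><value>true</value></property>
</configuration>"""

# Constructed sample: the three server-side properties from the comment.
SERVER_SIDE = "<configuration>" + "".join(
    f"<property><name>{n}</name><value>{v}</value></property>" for n, v in REQUIRED.items()
) + "</configuration>"

if __name__ == "__main__":
    for label, text in (("client-only", CLIENT_ONLY), ("server-side", SERVER_SIDE)):
        print(label, audit_metastore_authz(text) or "OK")
```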