[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782351#comment-13782351
]
Edward Capriolo commented on HIVE-5400:
---------------------------------------
It is important to note that Apache Hive does not have to concern itself with
how this feature functions with external tools like Sentry. Hive's security
model is optimistic and by no means definitive. I do not see it as a blocker
because none of the other Processors provide any security (including the !)
which allows people the ability to launch local commands.
That being said, I do not have issue building the feature in such a way that
allows some levels of control. Which is simple because in essence this is a
very small patch.
> Allow admins to disable compile and other commands
> --------------------------------------------------
>
> Key: HIVE-5400
> URL: https://issues.apache.org/jira/browse/HIVE-5400
> Project: Hive
> Issue Type: Sub-task
> Reporter: Brock Noland
>
> From here:
> https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
> I think we should afford admins who want to disable this functionality the
> ability to do so. Since such admins might want to disable other commands such
> as add or dfs, it wouldn't be much trouble to allow them to do this as well.
> For example we could have a configuration option "hive.available.commands"
> (or similar) which specified add,set,delete,reset, etc by default. Then check
> this value in CommandProcessorFactory. It would probably make sense to add
> this property to the restrict list.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
