[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13830619#comment-13830619
]
Lefty Leverenz commented on HIVE-5400:
--------------------------------------
Added this at the end of the [Hive Client Security|https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-HiveClientSecurity] section:

hive.security.command.whitelist
* Default Value: set,reset,dfs,add,delete
* Added In: Hive 0.13.0 with HIVE-5400

Comma separated list of non-SQL Hive commands that users are authorized to
execute. This can be used to restrict the set of authorized commands. The
currently supported command list is "set,reset,dfs,add,delete" and by default
all these commands are authorized. To restrict any of these commands, set
hive.security.command.whitelist to a value that does not have the command in it.

> Allow admins to disable compile and other commands
> --------------------------------------------------
>
> Key: HIVE-5400
> URL: https://issues.apache.org/jira/browse/HIVE-5400
> Project: Hive
> Issue Type: Sub-task
> Reporter: Brock Noland
> Assignee: Brock Noland
> Fix For: 0.13.0
>
> Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch
>
>
> From here:
> https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
> I think we should afford admins who want to disable this functionality the
> ability to do so. Since such admins might want to disable other commands such
> as add or dfs, it wouldn't be much trouble to allow them to do this as well.
> For example we could have a configuration option "hive.available.commands"
> (or similar) which specified add,set,delete,reset, etc by default. Then check
> this value in CommandProcessorFactory. It would probably make sense to add
> this property to the restrict list.
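
An added example, not part of the JIRA comment or of Hive's own code: a small audit of a hive-site.xml for the hive.security.command.whitelist property described above. It assumes the "restrict list" in the issue description means hive.conf.restricted.list; the sample configurations and the choice of dfs, add and delete as unwanted commands are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# From the comment above: supported non-SQL commands, all authorized by default.
SUPPORTED = ["set", "reset", "dfs", "add", "delete"]
WHITELIST = "hive.security.command.whitelist"
RESTRICTED = "hive.conf.restricted.list"  # assumption: the "restrict list"

# Constructed sample configurations (not taken from a real cluster).
DEFAULT_SITE = "<configuration></configuration>"
HARDENED_SITE = """<configuration>
  <property><name>hive.security.command.whitelist</name>
            <value>set,reset</value></property>
  <property><name>hive.conf.restricted.list</name>
            <value>hive.security.command.whitelist</value></property>
</configuration>"""

def load_props(xml_text):
    """Return {name: value} from Hadoop-style <configuration> XML."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def split_csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit(xml_text, unwanted=("dfs", "add", "delete")):
    """Return the effective whitelist and findings for one hive-site.xml."""
    props = load_props(xml_text)
    if WHITELIST in props:
        allowed, findings = [c.lower() for c in split_csv(props[WHITELIST])], []
    else:
        allowed = list(SUPPORTED)
        findings = ["whitelist not set: every supported command is authorized"]
    for cmd in allowed:
        if cmd not in SUPPORTED:
            findings.append(f"not in the documented command list: {cmd}")
        elif cmd in unwanted:
            findings.append(f"command still authorized: {cmd}")
    if WHITELIST not in split_csv(props.get(RESTRICTED, "")):
        findings.append(f"{WHITELIST} is not in {RESTRICTED}")
    return {"allowed": allowed, "findings": findings}

if __name__ == "__main__":
    for label, site in (("default", DEFAULT_SITE), ("hardened", HARDENED_SITE)):
        print(label, audit(site))
```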