[ https://issues.apache.org/jira/browse/HIVE-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13934051#comment-13934051 ]
Sushanth Sowmyan commented on HIVE-3009:
----------------------------------------

Hi,

This bug's status is now mostly abandoned and should be marked RESOLVED-INVALID. Hive Authorization has been reworked, and is being tracked over at https://issues.apache.org/jira/browse/HIVE-5837 , following a SQL standard authorization mode.

As part of design, it was decided that metastore-level security for show/describe was difficult to separate from client-side security, which is inherently insecure, and thus, the truly secure model is to use something like HiveServer2, lock down the metastore and not allow any outside access to it, and then use SQL standard authorization on top of that.

> do authorization for all metadata operations
> --------------------------------------------
>
>                 Key: HIVE-3009
>                 URL: https://issues.apache.org/jira/browse/HIVE-3009
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, Metastore
>            Reporter: Thejas M Nair
>            Assignee: Vandana Ayyalasomayajula
>
> Most of the metadata read operations and some write operations are not
> checking for authorization.
> See org.apache.hadoop.hive.ql.plan.HiveOperation . Operations such as
> DESCTABLE and DROPDATABASE have null for required privileges.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
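
The gap described in the quoted issue, as an added example that is not Hive code and not part of this message: a constructed operation-to-privilege table in which a null entry lets the call through, next to a default-deny variant and an audit helper. All function names, the QUERY and CREATETABLE rows, and the privileges assigned to DESCTABLE and DROPDATABASE in the hardened table are assumptions made for illustration.

```python
# Constructed model of an operation -> required-privileges table.
# None stands for the "null for required privileges" case named in the issue.
REQUIRED = {
    "QUERY": {"SELECT"},         # constructed row
    "CREATETABLE": {"CREATE"},   # constructed row
    "DESCTABLE": None,           # operation named in the issue
    "DROPDATABASE": None,        # operation named in the issue
}

# Hypothetical hardened table: every operation carries an explicit set.
# The privileges chosen for the two null rows are assumptions.
HARDENED = dict(REQUIRED, DESCTABLE={"SELECT"}, DROPDATABASE={"DROP"})


def authorize_fail_open(op, granted, table=REQUIRED):
    """Skip the check when no privileges are listed (the reported gap)."""
    required = table.get(op)
    if required is None:
        return True  # nothing to compare against, so the call passes
    return required <= granted


def authorize_fail_closed(op, granted, table=HARDENED):
    """Deny when an operation has no privilege entry at all."""
    required = table.get(op)
    if required is None:
        return False  # unmapped or null entry: refuse rather than skip
    return required <= granted


def unchecked_operations(table):
    """Audit helper: list operations that would bypass authorization."""
    return sorted(op for op, req in table.items() if req is None)


if __name__ == "__main__":
    print("unchecked:", unchecked_operations(REQUIRED))
    for op in ("DESCTABLE", "DROPDATABASE", "QUERY"):
        print(op,
              "fail-open:", authorize_fail_open(op, set()),
              "fail-closed:", authorize_fail_closed(op, set()))
```

Either check only holds where callers cannot bypass it, which is why the comment pairs the authorization mode with a metastore that accepts no outside access.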