[
https://issues.apache.org/jira/browse/HIVE-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13934051#comment-13934051
]
Sushanth Sowmyan commented on HIVE-3009:
----------------------------------------
Hi,
This bug's status is now mostly abandoned and should be marked
RESOLVED-INVALID. Hive Authorization has been reworked, and is being tracked
over at https://issues.apache.org/jira/browse/HIVE-5837 , following a SQL
standard authorization mode.
As part of design, it was decided that metastore-level security for
show/describe was difficult to separate form client-side security, which is
inherently insecure, and thus, the truly secure model is to use something like
HiveServer2, lock down the metastore and not allow any outside access to it,
and then use SQL standard authorization on top of that.
> do authorization for all metadata operations
> --------------------------------------------
>
> Key: HIVE-3009
> URL: https://issues.apache.org/jira/browse/HIVE-3009
> Project: Hive
> Issue Type: Bug
> Components: Authorization, Metastore
> Reporter: Thejas M Nair
> Assignee: Vandana Ayyalasomayajula
>
> Most of the metadata read operations and some write operations are not
> checking for authorization.
> See org.apache.hadoop.hive.ql.plan.HiveOperation . Operations such as
> DESCTABLE and DROPDATABASE have null for required privileges.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
