[ 
https://issues.apache.org/jira/browse/HIVE-6907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13969856#comment-13969856
 ] 

Thejas M Nair commented on HIVE-6907:
-------------------------------------

[~vaibhavgumashta] Also verified with a secure cluster that this patch works 
with doAs disabled and no proxy entries for hive server2 user in core-site.xml 
. Thanks Vaibhav!
Also talked to [~jnp] (who has done lot of security work in core hadoop), this 
doAs as same user does not require any proxy user entries.
So we have both experimental and theoretical validation! :)


> HiveServer2 - wrong user gets used for metastore operation with embedded 
> metastore
> ----------------------------------------------------------------------------------
>
>                 Key: HIVE-6907
>                 URL: https://issues.apache.org/jira/browse/HIVE-6907
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 0.13.0
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>            Priority: Blocker
>             Fix For: 0.13.0
>
>         Attachments: HIVE-6907.1.patch, HIVE-6907.2.patch, HIVE-6907.3.patch
>
>
> When queries are being run concurrently against HS2, sometimes the wrong user 
> ends performing the metastore action and you get an error like - 
> {code}
> ..INFO|java.sql.SQLException: Error while processing statement: FAILED: 
> Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. 
> MetaException(message:java.security.AccessControlException: action WRITE not 
> permitted on path hdfs://example.net:8020/apps/hive/warehouse/tbl_4eeulg9zp4 
> for user hrt_qa)
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to