[ 
https://issues.apache.org/jira/browse/HIVE-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13981433#comment-13981433
 ] 

Vaibhav Gumashta commented on HIVE-6957:
----------------------------------------

+1

> SQL authorization does not work with HS2 binary mode and Kerberos auth
> ----------------------------------------------------------------------
>
>                 Key: HIVE-6957
>                 URL: https://issues.apache.org/jira/browse/HIVE-6957
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, HiveServer2
>    Affects Versions: 0.13.0
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>         Attachments: HIVE-6957.04-branch.0.13.patch, HIVE-6957.1.patch, 
> HIVE-6957.2.patch, HIVE-6957.3.patch, HIVE-6957.4.patch
>
>
> In HiveServer2, when Kerberos auth and binary transport modes are used, the 
> user name that gets passed on to authorization is the long kerberos username.
> The username that is used in grant/revoke statements tend to be the short 
> usernames.
> This also fails in authorizing statements that involve URI, as the 
> authorization mode checks the file system permissions for given user. It does 
> not recognize that the given long username actually owns the file or belongs 
> to the group that owns the file.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to