Thejas M Nair created HIVE-7209:
-----------------------------------

             Summary: allow metastore authorization api calls to be restricted to certain invokers
                 Key: HIVE-7209
                 URL: https://issues.apache.org/jira/browse/HIVE-7209
             Project: Hive
          Issue Type: Bug
          Components: Authentication, Metastore
            Reporter: Thejas M Nair
            Assignee: Thejas M Nair

Any user who has direct access to the metastore can make metastore API calls that modify the authorization policy. The users who can make direct metastore API calls in a secure cluster configuration are usually the 'cluster insiders' such as Pig and MR users, who are not (securely) covered by the metastore based authorization policy. But it makes sense to disallow access from such users as well.

--
This message was sent by Atlassian JIRA (v6.2#6252)