[
https://issues.apache.org/jira/browse/HIVE-7209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14027228#comment-14027228
]
Thejas M Nair commented on HIVE-7209:
-------------------------------------
Note that it is not recommended that user whose access is being secured using
SQL standards based auth is given direct access to metastore. With that
practice in place, such users cannot act maliciously to change access control
policy without authorization.
> allow metastore authorization api calls to be restricted to certain invokers
> ----------------------------------------------------------------------------
>
> Key: HIVE-7209
> URL: https://issues.apache.org/jira/browse/HIVE-7209
> Project: Hive
> Issue Type: Bug
> Components: Authentication, Metastore
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
>
> Any user who has direct access to metastore can make metastore api calls that
> modify the authorization policy.
> The users who can make direct metastore api calls in a secure cluster
> configuration are usually the 'cluster insiders' such as Pig and MR users,
> who are not (securely) covered by the metastore based authorization policy.
> But it makes sense to disallow access from such users as well.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
