[ https://issues.apache.org/jira/browse/HIVE-8045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138004#comment-14138004 ]

Jason Dere commented on HIVE-8045:
----------------------------------

Couple comments on RB.
The docs will also need to be updated to reflect the supported auth 
configurations, for both HS2 and CLI. Might want to keep them separate from any 
such configurations supported in 0.13, since it looks like there are some 
differences now.

> SQL standard auth with cli - Errors and configuration issues
> ------------------------------------------------------------
>
>                 Key: HIVE-8045
>                 URL: https://issues.apache.org/jira/browse/HIVE-8045
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>            Reporter: Jagruti Varia
>            Assignee: Thejas M Nair
>         Attachments: HIVE-8045.1.patch
>
>
> HIVE-7533 enabled sql std authorization to be set in hive cli (without 
> enabling authorization checks). This updates hive configuration so that 
> create-table and create-views set permissions appropriately for the owner of 
> the table.
> HIVE-7209 added a metastore authorization provider that can be used to 
> restrict calls made to the authorization api, so that only HS2 can make 
> those calls (when HS2 uses embedded metastore).
> Some issues were found with this.
> # Even if hive.security.authorization.enabled=false, authorization checks 
> were happening for non sql statements as add/delete/dfs/compile, which 
> results in MetaStoreAuthzAPIAuthorizerEmbedOnly throwing an error.
> # Create table from hive-cli ended up calling metastore server api call 
> (getRoles) and resulted in  MetaStoreAuthzAPIAuthorizerEmbedOnly throwing an 
> error.
> # Some users prefer to enable authorization using hive-site.xml for 
> hive-server2 (hive.security.authorization.enabled param). If this file is 
> shared by hive-cli and hive-server2, SQL std authorizer throws an error 
> because its use in hive-cli is not allowed.


