[ https://issues.apache.org/jira/browse/HIVE-6892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14213352#comment-14213352 ]
Lefty Leverenz commented on HIVE-6892: -------------------------------------- I don't have any experience with that, [~szehon]. Have you taken a look at how it's done in the Open Issues section of HBase Integration? * [HBase Integration -- Open Issues | https://cwiki.apache.org/confluence/display/Hive/HBaseIntegration#HBaseIntegration-OpenIssues(JIRA)] It was added by [~cwsteinbach] in version 8 of the doc, so maybe Carl can help you. Or maybe all you need is this: * [Versions Compared -- 7 to 8 | https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=27362089&selectedPageVersions=8&selectedPageVersions=7] You might already know, but it's a JIRA Issue box which can be inserted in edit mode from the "+" drop-down list (Insert More Content). Did you do that, then hit a snag with the query? > Permission inheritance issues > ----------------------------- > > Key: HIVE-6892 > URL: https://issues.apache.org/jira/browse/HIVE-6892 > Project: Hive > Issue Type: Bug > Components: Security > Affects Versions: 0.13.0 > Reporter: Szehon Ho > Assignee: Szehon Ho > Labels: TODOC14 > > *HDFS Background* > * When a file or directory is created, its owner is the user identity of the > client process, and its group is inherited from parent (the BSD rule). > Permissions are taken from default umask. Extended Acl's are taken from > parent unless they are set explicitly. > *Goals* > To reduce need to set fine-grain file security props after every operation, > users may want the following Hive warehouse file/dir to auto-inherit security > properties from their directory parents: > * Directories created by new database/table/partition/bucket > * Files added to tables via load/insert > * Table directories exported/imported (open question of whether exported > table inheriting perm from new parent needs another flag) > What may be inherited: > * Basic file permission > * Groups (already done by HDFS for new directories) > * Extended ACL's (already done by HDFS for new directories) > *Behavior* > * When "hive.warehouse.subdir.inherit.perms" flag is enabled in Hive, Hive > will try to do all above inheritances. In the future, we can add more flags > for more finer-grained control. > * Failure by Hive to inherit will not cause operation to fail. Rule of thumb > of when security-prop inheritance will happen is the following: > ** To run chmod, a user must be the owner of the file, or else a super-user. > ** To run chgrp, a user must be the owner of files, or else a super-user. > ** Hence, user that hive runs as (either 'hive' or the logged-in user in case > of impersonation), must be super-user or owner of the file whose security > properties are going to be changed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)