[ 
https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12699247#action_12699247
 ] 

Edward Capriolo commented on HIVE-78:
-------------------------------------

GRANT 
*       SELECT
*       ALTER
*       INSERT  
*       UPDATE --RESERVED
*       DROP
*       CREATE

GLOBAL GRANT PERMISSIONS
* PROCESS_LIST -List Query 
* PROCESS_KILL -Kill query
* RC - start shutdown
* WITH_GRANT - Give user permission to grant other permissions

SPECIAL
* 'ALL' ALL PERMISSIONS 

Target Objects: ALL, DataBase, Table, Partition, Column
        
* Permissions are additive
* Upper level implies lower level i.e. select on table implies select on all 
columns in table

Suggested Syntax
* GRANT WITH_GRANT,RC, ON '*' TO 'USER1','USER2' AS my_permission
* GRANT SELECT ON 'cat1','cat2' TO 'USER1' AS my_permission
* GRANT SELECT ON 'cat1.*', 'cat2.homes.name'  TO 'USER4', '%GROUP1' AS 
my_permission
* GRANT SELECT on 'cat1.*', 'cat2.homes.PARTITION="5.5.4".owner' TO 'USER5' AS 
my_permission

In the metastore we can store the permissions like this:
PERMISSION SET {
        Vector <User|GROUP> ,
        Vector <TargetObject>,
        Vector <PRIV>,
        String Name
}

        

> Authentication infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-78
>                 URL: https://issues.apache.org/jira/browse/HIVE-78
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Ashish Thusoo
>            Assignee: Edward Capriolo
>
> Allow hive to integrate with existing user repositories for authentication 
> and authorization infromation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to