[ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12699270#action_12699270 ]
Edward Capriolo commented on HIVE-78: ------------------------------------- >> 1) What would be the syntax to create user/passwd combos and logging in? username and password would come externally. I notice a hadoop Jira on authenticate via Kerb4 and LDAP. We are best off splitting the authentication and authorization as we spoke of above. user and group are your external posix groups >> 2) Are the permissions stored in metastore are per user or per table or a >> combo? They should be stored in the metastore. a rule like GRANT * on '*' TO '*' AS my_permission would have to be stored everywhere and that would be a PITA. >> 3) Do we really need groups? I don't think MySQL implements groups The group is your posix login group. Allowing groups is a simple way to reduce the number of per user rules. >> 4) Right again. The separation here is we let the authentication system carry all the burden of username, groups and password. The metastore is only concerned with what that user can do inside hive. > Authentication infrastructure for Hive > -------------------------------------- > > Key: HIVE-78 > URL: https://issues.apache.org/jira/browse/HIVE-78 > Project: Hadoop Hive > Issue Type: New Feature > Components: Server Infrastructure > Reporter: Ashish Thusoo > Assignee: Edward Capriolo > > Allow hive to integrate with existing user repositories for authentication > and authorization infromation. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.