[ 
https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12699306#action_12699306
 ] 

Ashish Thusoo commented on HIVE-78:
-----------------------------------

I agree, it is best to punt authentication to the authentication systems (LDAP, 
kerb etc. etc.) and concentrate on authorization (privileges) here.

About the syntax:

1. I am not sure what AS is used for.
2. Column-level permissions are good but they can perhaps be addressed with 
views and treating permissions on views as we do for tables.
3. I would add the keyword TABLE in the GRANT statement, like MySQL, because we 
may have permissions on user-defined functions and types in future... so 
something like..
   GRANT SELECT ON TABLE 'cat1' TO 'USER1' 
4. Also maybe in the TO clause make the user and group explicit - TO USERS a, b, 
c GROUPS g1, g2  otherwise the reader of the command may not know what is a 
group and what is a user. I presume this would also make the authorization 
logic somewhat simpler as you would know exactly what to look for?

About the blocker that you mentioned, we should perhaps let the Hadoop file 
permissions be independent of Hive ACLs. Of course you need both to be able to 
do anything on the table. Can be tricky though.. Will spend a bit more time 
thinking about this - this looks pretty cool...


> Authentication infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-78
>                 URL: https://issues.apache.org/jira/browse/HIVE-78
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Ashish Thusoo
>            Assignee: Edward Capriolo
>
> Allow Hive to integrate with existing user repositories for authentication 
> and authorization information.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
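
The explicit TO USERS ... GROUPS ... form proposed in point 4, as an added example that is not part of the original comment and is not Hive code: it parses that proposed syntax, keeps user and group grants in separate maps so a user and a group with the same name cannot be confused, and requires a separate file-permission result as well as the Hive ACL. The grammar, the `HiveAcl` class, `can_access` and the `fs_allows` flag are all hypothetical.

```python
import re

# Hypothetical grammar based on the comment's proposal; not Hive's real parser.
GRANT_RE = re.compile(
    r"""^\s*GRANT\s+(?P<privs>\w+(?:\s*,\s*\w+)*)\s+ON\s+TABLE\s+'(?P<table>[^']+)'
        \s+TO(?:\s+USERS\s+(?P<users>\w+(?:\s*,\s*\w+)*))?
        (?:\s+GROUPS\s+(?P<groups>\w+(?:\s*,\s*\w+)*))?\s*;?\s*$""",
    re.IGNORECASE | re.VERBOSE,
)

def _names(csv):
    return {n.strip() for n in csv.split(",")} if csv else set()

def parse_grant(stmt):
    m = GRANT_RE.match(stmt)
    if not m:
        raise ValueError("not a valid GRANT statement: %r" % stmt)
    users, groups = _names(m["users"]), _names(m["groups"])
    if not users and not groups:
        raise ValueError("TO clause names no USERS or GROUPS")
    privs = {p.upper() for p in _names(m["privs"])}
    return {"privs": privs, "table": m["table"], "users": users, "groups": groups}

class HiveAcl:
    def __init__(self):
        self.user_grants = {}   # (table, privilege) -> set of user names
        self.group_grants = {}  # (table, privilege) -> set of group names

    def apply(self, stmt):
        g = parse_grant(stmt)
        for priv in g["privs"]:
            key = (g["table"], priv)
            self.user_grants.setdefault(key, set()).update(g["users"])
            self.group_grants.setdefault(key, set()).update(g["groups"])

    def allows(self, user, groups, priv, table):
        # Users are looked up only among user grants, groups only among group grants.
        key = (table, priv.upper())
        return (user in self.user_grants.get(key, set())
                or bool(set(groups) & self.group_grants.get(key, set())))

def can_access(acl, user, groups, priv, table, fs_allows):
    # fs_allows stands in for the independent Hadoop file-permission check;
    # both the Hive ACL and the file permission must pass.
    return acl.allows(user, groups, priv, table) and fs_allows
```
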
