[ https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914281#action_12914281 ]

Todd Lipcon commented on HIVE-842:
----------------------------------

I have this basically working. A couple questions I wanted to run by people 
before posting a patch:

- Should the metastore always take HDFS actions as the user making the RPC? Or, 
for example, with a create table call, should it act as the "owner" specified 
in the thrift call regardless of the authenticated user? If the latter, what 
authorization mechanism do we need? (i.e., is there a use case where user A can 
make tables on behalf of user B?)

- Are there any metastore operations that should be done as a metastore 
principal, or should all HDFS access be done as the authenticated user?

- If we see that Hadoop Security is enabled, should we enable SASL on the 
metastore thrift server by default? If SASL-thrift is not enabled, what user 
should the metastore act as? In other words, should there be an option whereby 
the metastore uses a keytab to authenticate to HDFS, but doesn't require users 
to authenticate to it?


> Authentication Infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-842
>                 URL: https://issues.apache.org/jira/browse/HIVE-842
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Edward Capriolo
>            Assignee: Todd Lipcon
>         Attachments: HiveSecurityThoughts.pdf
>
>
> This issue deals with the authentication (user name, password) infrastructure. 
> Not the authorization components that specify what a user should be able to 
> do.
