[ https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914281#action_12914281 ]
Todd Lipcon commented on HIVE-842:
----------------------------------

I have this basically working. A couple questions I wanted to run by people before posting a patch:

- Should the metastore always take HDFS actions as the user making the RPC? Or, for example, with a create table call, should it act as the "owner" specified in the thrift call regardless of the authenticated user? If the latter, what authorization mechanism do we need? (i.e. is there a use case where user A can make tables on behalf of user B?)
- Are there any metastore operations that should be done as a metastore principal, or should all HDFS access be done as the authenticated user?
- If we see that Hadoop Security is enabled, should we enable SASL on the metastore thrift server by default? If SASL-thrift is not enabled, what user should the metastore act as? In other words, should there be an option whereby the metastore uses a keytab to authenticate to HDFS, but doesn't require users to authenticate to it?

> Authentication Infrastructure for Hive
> --------------------------------------
>
> Key: HIVE-842
> URL: https://issues.apache.org/jira/browse/HIVE-842
> Project: Hadoop Hive
> Issue Type: New Feature
> Components: Server Infrastructure
> Reporter: Edward Capriolo
> Assignee: Todd Lipcon
> Attachments: HiveSecurityThoughts.pdf
>
>
> This issue deals with the authentication (user name, password) infrastructure.
> Not the authorization components that specify what a user should be able to
> do.