[
https://issues.apache.org/jira/browse/HIVE-17606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181754#comment-16181754
]
Thejas M Nair commented on HIVE-17606:
--------------------------------------
Can you also call the authorize method something more specific like
authorizeProxyPrivilege(), since its doing a very specific authorization check ?
There is more general authorization api provided via pre-event listener, this
would help do avoid confusing with that.
> Improve security for DB notification related APIs
> -------------------------------------------------
>
> Key: HIVE-17606
> URL: https://issues.apache.org/jira/browse/HIVE-17606
> Project: Hive
> Issue Type: Improvement
> Components: Metastore
> Reporter: Tao Li
> Assignee: Tao Li
> Attachments: HIVE-17606.1.patch, HIVE-17606.2.patch,
> HIVE-17606.3.patch
>
>
> The purpose is to make sure only the superusers which are specified in the
> proxyuser settings can make the db notification related API calls, since this
> is supposed to be called by superuser/admin instead of any end user.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
