[
https://issues.apache.org/jira/browse/HIVE-17701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16193613#comment-16193613
]
Tao Li commented on HIVE-17701:
-------------------------------
By looking at the code, we use the hasAdministratorAccess method to check if
the use is an admin to access the config/stack pages. But for the reported bug,
I assume we are trying to filter out the queries that are not related to this
user. That means a non-admin user "foo" should not see queries from other
users, while an admin user "bar" should see all queries. Is this understanding
correct? Please confirm. If it sounds correct, then the behavior is different
from the logic by using hasAdministratorAccess.
> Show historic queries only for admin users
> ------------------------------------------
>
> Key: HIVE-17701
> URL: https://issues.apache.org/jira/browse/HIVE-17701
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Reporter: Thejas M Nair
> Assignee: Tao Li
>
> The HiveServer2 Web UI (HIVE-12550) shows recently completed queries.
> However, a user can see the queries run by other users as well, and that is a
> security/privacy concern.
> Only admin users should be allowed to see queries from other users (similar
> to behavior of display for configs, stack trace etc).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
