pin_zhang created SPARK-12008:
---------------------------------
Summary: Spark hive security authorization doesn't work as Apache hive's
Key: SPARK-12008
URL: https://issues.apache.org/jira/browse/SPARK-12008
Project: Spark
Issue Type: Bug
Components: SQL
Affects Versions: 1.5.2
Reporter: pin_zhang
Spark Hive security authorization isn't consistent with Apache Hive.
The same hive-site.xml:
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory</value>
</property>
<property>
<name>hive.security.authenticator.manager</name>
<value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
</property>
<property>
<name>hive.server2.enable.doAs</name>
<value>true</value>
</property>
1. Run Spark's start-thriftserver.sh. An exception is thrown when running SQL:
SQL standards based authorization should not be enabled from hive cliInstead
the use of storage based authorization in hive metastore is reccomended.
Set hive.security.authorization.enabled=false to disable authz within cli
2. Change to starting start-thriftserver.sh with Hive configurations:
./start-thriftserver.sh \
  --conf hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory \
  --conf hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
3. Connect with Beeline as userA and create table tableA.
4. Connect with Beeline as userB to truncate tableA.
A) In Apache Hive, truncate table gets an exception:
Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: Principal [name=userB, type=USER] does not have following
privileges for operation TRUNCATETABLE [[OBJECT OWNERSHIP] on Object
[type=TABLE_OR_VIEW, name=default.tablea]] (state=42000,code=40000)
B) In Spark Hive, any user who can connect to Hive can truncate, as
long as the Spark user has privileges.
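
A behavioural check for steps 3 and 4 above, as an added example that is not part of the original report and not Spark or Hive project code. It tells an enforced ownership check (case A) apart from a truncate that goes through (case B) and from an unrelated connection failure. The JDBC URL default, the BEELINE override and the verdict strings are assumptions, as is the beeline client exiting non-zero when a statement fails.

```shell
#!/bin/sh
# Added example, not from the original report.
# Assumed: JDBC_URL default, BEELINE override, verdict strings, and that the
# beeline client exits non-zero when a statement fails.
BEELINE="${BEELINE:-beeline}"
JDBC_URL="${JDBC_URL:-jdbc:hive2://localhost:10000}"

# run_as USER SQL: run one statement as USER through beeline (-u url, -n user,
# -e statement), merging stderr so the error text can be inspected.
run_as() {
  "$BEELINE" -u "$JDBC_URL" -n "$1" -e "$2" 2>&1
}

# check_owner_only_truncate OWNER OTHER TABLE
# Steps 3 and 4 of the report: OWNER creates TABLE, OTHER tries to truncate it.
# Prints and returns:
#   ENFORCED (0)      truncate refused with HiveAccessControlException
#   NOT_ENFORCED (1)  truncate by the non-owner succeeded
#   INCONCLUSIVE (2)  setup or the second connection failed for another reason
check_owner_only_truncate() {
  local owner="$1" other="$2" table="$3" out rc
  run_as "$owner" "CREATE TABLE IF NOT EXISTS ${table} (id INT)" >/dev/null ||
    { echo "INCONCLUSIVE"; return 2; }
  # Capture output and exit status without tripping `set -e` in callers.
  out="$(run_as "$other" "TRUNCATE TABLE ${table}")" && rc=0 || rc=$?
  case "$out" in
    *HiveAccessControlException*) echo "ENFORCED"; return 0 ;;
  esac
  if [ "$rc" -eq 0 ]; then
    echo "NOT_ENFORCED"; return 1
  fi
  echo "INCONCLUSIVE"; return 2
}
```

Point it at a scratch table, since a NOT_ENFORCED verdict means the truncate was actually executed.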