[jira] Commented: (HIVE-78) Authorization infrastructure for Hive
[ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12802720#action_12802720 ] Amr Awadallah commented on HIVE-78: --- I am also very curious what is latest on this jira, no updates since Sept of last year. Min, did you stop working on this? -- amr Authorization infrastructure for Hive - Key: HIVE-78 URL: https://issues.apache.org/jira/browse/HIVE-78 Project: Hadoop Hive Issue Type: New Feature Components: Server Infrastructure Reporter: Ashish Thusoo Assignee: Edward Capriolo Attachments: createuser-v1.patch, hive-78-metadata-v1.patch, hive-78-syntax-v1.patch, hive-78.diff Allow hive to integrate with existing user repositories for authentication and authorization infromation. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (HIVE-78) Authorization infrastructure for Hive
[ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12775117#action_12775117 ] Royce Rollins commented on HIVE-78: --- I'm very interested in working on this issue this week but don't want to tread on anyone's work. What's the status? is anything checked in yet. I'd like to get this done as soon as possible. Authorization infrastructure for Hive - Key: HIVE-78 URL: https://issues.apache.org/jira/browse/HIVE-78 Project: Hadoop Hive Issue Type: New Feature Components: Server Infrastructure Reporter: Ashish Thusoo Assignee: Edward Capriolo Attachments: createuser-v1.patch, hive-78-metadata-v1.patch, hive-78-syntax-v1.patch, hive-78.diff Allow hive to integrate with existing user repositories for authentication and authorization infromation. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (HIVE-78) Authorization infrastructure for Hive
[
https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12757998#action_12757998
]
Namit Jain commented on HIVE-78:
Looking at Min's patch createuser-v1.patch,
I dont think we need create user/drop user etc. at all.
As Edward mentioned before,
When HWI starts the session on behalf of the user it runs SET hadoop.ugi={what
user entered in the test box} at that point if the user initiates a hive job,
the output of that job should be files owned by that user. I am pretty sure the
code in QL just chown's the files at job end or perhaps the entire job runs as
that user (I cant remember).
the user is always available from the environment and for now, let us assume
that all authorizations happen to that user.
Authorization infrastructure for Hive
-
Key: HIVE-78
URL: https://issues.apache.org/jira/browse/HIVE-78
Project: Hadoop Hive
Issue Type: New Feature
Components: Server Infrastructure
Reporter: Ashish Thusoo
Assignee: Edward Capriolo
Attachments: createuser-v1.patch, hive-78-metadata-v1.patch,
hive-78-syntax-v1.patch, hive-78.diff
Allow hive to integrate with existing user repositories for authentication
and authorization infromation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HIVE-78) Authorization infrastructure for Hive
[ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12758112#action_12758112 ] Min Zhou commented on HIVE-78: -- @Namit Got your meaning. We are maintaining a version of our own, it needs couples of weeks for adapting to the trunk. Authorization infrastructure for Hive - Key: HIVE-78 URL: https://issues.apache.org/jira/browse/HIVE-78 Project: Hadoop Hive Issue Type: New Feature Components: Server Infrastructure Reporter: Ashish Thusoo Assignee: Edward Capriolo Attachments: createuser-v1.patch, hive-78-metadata-v1.patch, hive-78-syntax-v1.patch, hive-78.diff Allow hive to integrate with existing user repositories for authentication and authorization infromation. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (HIVE-78) Authorization infrastructure for Hive
[
https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12757616#action_12757616
]
Min Zhou commented on HIVE-78:
--
sorry,
{nofromat}
public class GenericAuthenticator extends Authenticator {
public GenericAuthenticator (Hive db, User user);
...
}
{nofromat}
Authorization infrastructure for Hive
-
Key: HIVE-78
URL: https://issues.apache.org/jira/browse/HIVE-78
Project: Hadoop Hive
Issue Type: New Feature
Components: Server Infrastructure
Reporter: Ashish Thusoo
Assignee: Edward Capriolo
Attachments: hive-78-metadata-v1.patch, hive-78-syntax-v1.patch,
hive-78.diff
Allow hive to integrate with existing user repositories for authentication
and authorization infromation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HIVE-78) Authorization infrastructure for Hive
[
https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12757621#action_12757621
]
Edward Capriolo commented on HIVE-78:
-
@Min,
I think you are on the right track. I think you might have your terminology
mixed up. In AAA
The first A is authentication which usually implies supply a user/password.
second A authorize means what privileges the user has
third A is accounting ( we already have that)
The interfaces you supplied above looks like an Authorizer not
Authenticator. I think
{noformat}
public interface Authorizer {
public boolean authorize(Privilege priv);
public boolean authorize(Privilege priv, Table table);
public boolean authorize(Privilege priv, ListTable table);
}
{noformat}
But you seem to be on a role. I will hang back and wait to see what you come up
with.
Authorization infrastructure for Hive
-
Key: HIVE-78
URL: https://issues.apache.org/jira/browse/HIVE-78
Project: Hadoop Hive
Issue Type: New Feature
Components: Server Infrastructure
Reporter: Ashish Thusoo
Assignee: Edward Capriolo
Attachments: hive-78-metadata-v1.patch, hive-78-syntax-v1.patch,
hive-78.diff
Allow hive to integrate with existing user repositories for authentication
and authorization infromation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HIVE-78) Authorization infrastructure for Hive
[ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12757622#action_12757622 ] Min Zhou commented on HIVE-78: -- oops, my code wasn't in my machine. I just pasted yours and modified it into mine. here is a patch show my code on that. Authorization infrastructure for Hive - Key: HIVE-78 URL: https://issues.apache.org/jira/browse/HIVE-78 Project: Hadoop Hive Issue Type: New Feature Components: Server Infrastructure Reporter: Ashish Thusoo Assignee: Edward Capriolo Attachments: createuser-v1.patch, hive-78-metadata-v1.patch, hive-78-syntax-v1.patch, hive-78.diff Allow hive to integrate with existing user repositories for authentication and authorization infromation. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
