Re: Controlling access to hive/db-tables while using SparkSQL

2016-08-30 Thread ayan guha
Given Record Service is yet to be added to main distributions, I believe
the only available solution now is to use hdfs acl to restrict access for
spark.
On 31 Aug 2016 03:07, "Mich Talebzadeh"  wrote:

> Have you checked using views in Hive to restrict user access to certain
> tables and columns only.
>
> Have a look at this link
> 
>
> HTH
>
> Dr Mich Talebzadeh
>
>
>
> LinkedIn * 
> https://www.linkedin.com/profile/view?id=AAEWh2gBxianrbJd6zP6AcPCCdOABUrV8Pw
> *
>
>
>
> http://talebzadehmich.wordpress.com
>
>
> *Disclaimer:* Use it at your own risk. Any and all responsibility for any
> loss, damage or destruction of data or any other property which may arise
> from relying on this email's technical content is explicitly disclaimed.
> The author will in no case be liable for any monetary damages arising from
> such loss, damage or destruction.
>
>
>
> On 30 August 2016 at 16:26, Deepak Sharma  wrote:
>
>> Is it possible to execute any query using SQLContext even if the DB is
>> secured using roles or tools such as Sentry?
>>
>> Thanks
>> Deepak
>>
>> On Tue, Aug 30, 2016 at 7:52 PM, Rajani, Arpan > > wrote:
>>
>>> Hi All,
>>>
>>> In our YARN cluster, we have setup spark 1.6.1 , we plan to give access
>>> to all the end users/developers/BI users, etc. But we learnt any valid user
>>> after getting their own user kerb TGT, can get hold of sqlContext (in
>>> program or in shell) and can run any query against any secure databases.
>>>
>>> This puts us in a critical condition as we do not want to give blanket
>>> permission to everyone.
>>>
>>>
>>>
>>> We are looking forward to:
>>>
>>> 1)  A *solution or a work around, by which we can give secure
>>> access only to the selected users to sensitive tables/database.*
>>>
>>> 2)  *Failing to do so, we would like to remove/disable the SparkSQL
>>> context/feature for everyone.  *
>>>
>>>
>>>
>>> Any pointers in this direction will be very valuable.
>>>
>>> Thank you,
>>>
>>> Arpan
>>>
>>>
>>> This e-mail and any attachments are confidential, intended only for the 
>>> addressee and may be privileged. If you have received this e-mail in error, 
>>> please notify the sender immediately and delete it. Any content that does 
>>> not relate to the business of Worldpay is personal to the sender and not 
>>> authorised or endorsed by Worldpay. Worldpay does not accept responsibility 
>>> for viruses or any loss or damage arising from transmission or access.
>>>
>>> Worldpay (UK) Limited (Company No: 07316500/ Financial Conduct Authority 
>>> No: 530923), Worldpay Limited (Company No:03424752 / Financial Conduct 
>>> Authority No: 504504), Worldpay AP Limited (Company No: 05593466 / 
>>> Financial Conduct Authority No: 502597). Registered Office: The Walbrook 
>>> Building, 25 Walbrook, London EC4N 8AF and authorised by the Financial 
>>> Conduct Authority under the Payment Service Regulations 2009 for the 
>>> provision of payment services. Worldpay (UK) Limited is authorised and 
>>> regulated by the Financial Conduct Authority for consumer credit 
>>> activities. Worldpay B.V. (WPBV) has its registered office in Amsterdam, 
>>> the Netherlands (Handelsregister KvK no. 60494344). WPBV holds a licence 
>>> from and is included in the register kept by De Nederlandsche Bank, which 
>>> registration can be consulted through www.dnb.nl. Worldpay, the logo and 
>>> any associated brand names are trade marks of the Worldpay group.
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Thanks
>> Deepak
>> www.bigdatabig.com
>> www.keosha.net
>>
>
>


Re: Controlling access to hive/db-tables while using SparkSQL

2016-08-30 Thread Mich Talebzadeh
Have you checked using views in Hive to restrict user access to certain
tables and columns only.

Have a look at this link


HTH

Dr Mich Talebzadeh



LinkedIn * 
https://www.linkedin.com/profile/view?id=AAEWh2gBxianrbJd6zP6AcPCCdOABUrV8Pw
*



http://talebzadehmich.wordpress.com


*Disclaimer:* Use it at your own risk. Any and all responsibility for any
loss, damage or destruction of data or any other property which may arise
from relying on this email's technical content is explicitly disclaimed.
The author will in no case be liable for any monetary damages arising from
such loss, damage or destruction.



On 30 August 2016 at 16:26, Deepak Sharma  wrote:

> Is it possible to execute any query using SQLContext even if the DB is
> secured using roles or tools such as Sentry?
>
> Thanks
> Deepak
>
> On Tue, Aug 30, 2016 at 7:52 PM, Rajani, Arpan 
> wrote:
>
>> Hi All,
>>
>> In our YARN cluster, we have setup spark 1.6.1 , we plan to give access
>> to all the end users/developers/BI users, etc. But we learnt any valid user
>> after getting their own user kerb TGT, can get hold of sqlContext (in
>> program or in shell) and can run any query against any secure databases.
>>
>> This puts us in a critical condition as we do not want to give blanket
>> permission to everyone.
>>
>>
>>
>> We are looking forward to:
>>
>> 1)  A *solution or a work around, by which we can give secure access
>> only to the selected users to sensitive tables/database.*
>>
>> 2)  *Failing to do so, we would like to remove/disable the SparkSQL
>> context/feature for everyone.  *
>>
>>
>>
>> Any pointers in this direction will be very valuable.
>>
>> Thank you,
>>
>> Arpan
>>
>>
>> This e-mail and any attachments are confidential, intended only for the 
>> addressee and may be privileged. If you have received this e-mail in error, 
>> please notify the sender immediately and delete it. Any content that does 
>> not relate to the business of Worldpay is personal to the sender and not 
>> authorised or endorsed by Worldpay. Worldpay does not accept responsibility 
>> for viruses or any loss or damage arising from transmission or access.
>>
>> Worldpay (UK) Limited (Company No: 07316500/ Financial Conduct Authority No: 
>> 530923), Worldpay Limited (Company No:03424752 / Financial Conduct Authority 
>> No: 504504), Worldpay AP Limited (Company No: 05593466 / Financial Conduct 
>> Authority No: 502597). Registered Office: The Walbrook Building, 25 
>> Walbrook, London EC4N 8AF and authorised by the Financial Conduct Authority 
>> under the Payment Service Regulations 2009 for the provision of payment 
>> services. Worldpay (UK) Limited is authorised and regulated by the Financial 
>> Conduct Authority for consumer credit activities. Worldpay B.V. (WPBV) has 
>> its registered office in Amsterdam, the Netherlands (Handelsregister KvK no. 
>> 60494344). WPBV holds a licence from and is included in the register kept by 
>> De Nederlandsche Bank, which registration can be consulted through 
>> www.dnb.nl. Worldpay, the logo and any associated brand names are trade 
>> marks of the Worldpay group.
>>
>>
>>
>>
>
>
> --
> Thanks
> Deepak
> www.bigdatabig.com
> www.keosha.net
>


Re: Controlling access to hive/db-tables while using SparkSQL

2016-08-30 Thread Deepak Sharma
Is it possible to execute any query using SQLContext even if the DB is
secured using roles or tools such as Sentry?

Thanks
Deepak

On Tue, Aug 30, 2016 at 7:52 PM, Rajani, Arpan 
wrote:

> Hi All,
>
> In our YARN cluster, we have setup spark 1.6.1 , we plan to give access to
> all the end users/developers/BI users, etc. But we learnt any valid user
> after getting their own user kerb TGT, can get hold of sqlContext (in
> program or in shell) and can run any query against any secure databases.
>
> This puts us in a critical condition as we do not want to give blanket
> permission to everyone.
>
>
>
> We are looking forward to:
>
> 1)  A *solution or a work around, by which we can give secure access
> only to the selected users to sensitive tables/database.*
>
> 2)  *Failing to do so, we would like to remove/disable the SparkSQL
> context/feature for everyone.  *
>
>
>
> Any pointers in this direction will be very valuable.
>
> Thank you,
>
> Arpan
>
>
> This e-mail and any attachments are confidential, intended only for the 
> addressee and may be privileged. If you have received this e-mail in error, 
> please notify the sender immediately and delete it. Any content that does not 
> relate to the business of Worldpay is personal to the sender and not 
> authorised or endorsed by Worldpay. Worldpay does not accept responsibility 
> for viruses or any loss or damage arising from transmission or access.
>
> Worldpay (UK) Limited (Company No: 07316500/ Financial Conduct Authority No: 
> 530923), Worldpay Limited (Company No:03424752 / Financial Conduct Authority 
> No: 504504), Worldpay AP Limited (Company No: 05593466 / Financial Conduct 
> Authority No: 502597). Registered Office: The Walbrook Building, 25 Walbrook, 
> London EC4N 8AF and authorised by the Financial Conduct Authority under the 
> Payment Service Regulations 2009 for the provision of payment services. 
> Worldpay (UK) Limited is authorised and regulated by the Financial Conduct 
> Authority for consumer credit activities. Worldpay B.V. (WPBV) has its 
> registered office in Amsterdam, the Netherlands (Handelsregister KvK no. 
> 60494344). WPBV holds a licence from and is included in the register kept by 
> De Nederlandsche Bank, which registration can be consulted through 
> www.dnb.nl. Worldpay, the logo and any associated brand names are trade marks 
> of the Worldpay group.
>
>
>
>


-- 
Thanks
Deepak
www.bigdatabig.com
www.keosha.net