How are others setting up hive for use in production? I guess my real question how are many of us getting around these security gaps?
Thanks, Ranjith On May 19, 2012, at 12:05 AM, Bejoy Ks <bejoy...@yahoo.com> wrote: > Hi Ranjith > > AFAIK Segmenting tables into databases won't help much as, again the > Authorization issues would pop out. An user himself may be able to grant > rights to access another db. Different metastores is an option, but again > maintaining all of them is still a hassle, still you can do it. The fair > solution is only on its way. :) > > Regards > Bejoy > > From: Ranjith <ranjith.raghuna...@gmail.com> > To: "user@hive.apache.org" <user@hive.apache.org> > Cc: "user@hive.apache.org" <user@hive.apache.org> > Sent: Saturday, May 19, 2012 9:53 AM > Subject: Re: Is there a way to create user account and grant read only > permissions? > > Is separate metastores and separate hive servers the only way to go here? Or > can we segment tables into databases and then use hive authorization. > > Thanks, > Ranjith > > On May 18, 2012, at 11:08 PM, "Bejoy KS" <bejoy...@yahoo.com> wrote: > >> Hi patrick >> The Authorization mechanisms in hive are not as solid as other RDBMS. A user >> can grant himself rights and can then drop a table or do whatever operations >> he likes to do. There is no super user(admin) and sub user concept in hive >> yet, but the community is having plans to implement that in future with >> strong Authorization mechanisms. >> Saying this if the business users are guaranteed not to play with GRANT >> statements or rather not change permissions themselves, (But it is hard to >> guarantee this when the no of users are large :) ) hive can satisfy your >> requirement. >> Regards >> Bejoy KS >> >> Sent from handheld, please excuse typos. >> From: "Raghunath, Ranjith" <ranjith.raghuna...@usaa.com> >> Date: Sat, 19 May 2012 00:54:36 +0000 >> To: user@hive.apache.org<user@hive.apache.org> >> ReplyTo: user@hive.apache.org >> Subject: RE: Is there a way to create user account and grant read only >> permissions? >> >> Take a look at this, https://cwiki.apache.org/Hive/languagemanual-auth.html. >> This may be what you are looking for . >> >> From: shashwat shriparv [mailto:dwivedishash...@gmail.com] >> Sent: Friday, May 18, 2012 3:08 PM >> To: user@hive.apache.org >> Subject: Re: Is there a way to create user account and grant read only >> permissions? >> >> Check out this >> >> https://ccp.cloudera.com/display/CDHDOC/Hive+Security+Configuration >> On Sat, May 19, 2012 at 12:17 AM, Patrick Luo <l...@trulia.com> wrote: >> My use case requires individual accounts for business users groups. Is there >> a way to mimic MySQL (or other database) to create users with read-only >> permissions? This avoid business user accidental table drop. Metastore has >> table ROLES but don’t see documentation on that. Much appreciated if anyone >> can point to the documentation or share your thoughts on this? >> >> - Patrick >> >> >> >> >> >> -- >> >> ∞ >> Shashwat Shriparv >> >> > >
