Hi Pradeep, Namit and I took a look at the doc; thanks for the clear writeup.
Coincidentally, we've been starting to think about some Hive authorization use cases within Facebook as well. However, the approach we're thinking about is more along the lines of traditional SQL ACL's (role-based GRANT/REVOKE with persistence in the metastore) rather than HDFS-based. HIVE-78 touches on this (plus a lot of unrelated stuff). So, one question is whether you would still need HDFS-based approach if a metastore-level ACL solution were available? And if the answer to that is no, then would you prefer to skip the HDFS-based work and just join forces on the ACL solution? If it turns out that you're going to need the HDFS-based approach, then I can see how both can coexist (either as alternatives, or as one overlayed on top of the other). The HDFS-based approach can be useful for controlling how HDFS permissions are managed in the case where users are allowed direct access to HDFS, or when multiple clients are used for access (which is one of the main reasons for Howl to exist). Regarding development of the HDFS-based approach, it would make sense to start off with enforcement via hooks. I think now that we have the semantic analyzer hooks, it should be possible to do it either all there or via a combination of that and execution hooks. The code for the hook implementations can start out in Howl, and then if there's consensus on adopting it within Hive, we can move it at that time. JVS On Oct 5, 2010, at 1:19 PM, Pradeep Kamath wrote: Also, if this proposal looks reasonable, it would be nice if hive would also adopt it – so comments from hive developers/committers on the feasibility would be much appreciated! Thanks, Pradeep ________________________________ From: Pradeep Kamath Sent: Tuesday, October 05, 2010 1:14 PM To: '<mailto:'howl...@yahoogroups.com>howl...@yahoogroups.com<mailto:'howl...@yahoogroups.com>' Subject: Howl Authorization proposal Hi, I have posted a proposal for implementing authorization in howl based on hdfs file permission at http://wiki.apache.org/pig/Howl/HowlAuthorizationProposal. Please provide any comments/feedback on the proposal. Thanks, Pradeep __._,_.___ Your email settings: Individual Email|Traditional Change settings via the Web<http://groups.yahoo.com/group/howldev/join;_ylc=X3oDMTJnbXZnZ25hBF9TAzk3NDc2NTkwBGdycElkAzYzNDIwNTA4BGdycHNwSWQDMTcwNzI4MTk0MgRzZWMDZnRyBHNsawNzdG5ncwRzdGltZQMxMjg2MzA5OTkz> (Yahoo! ID required) Change settings via email: Switch delivery to Daily Digest<mailto:howldev-dig...@yahoogroups.com?subject=email%20delivery:%20Digest> | Switch to Fully Featured<mailto:howldev-fullfeatu...@yahoogroups.com?subject=change%20delivery%20format:%20Fully%20Featured> Visit Your Group <http://groups.yahoo.com/group/howldev;_ylc=X3oDMTJlZGNvbjQwBF9TAzk3NDc2NTkwBGdycElkAzYzNDIwNTA4BGdycHNwSWQDMTcwNzI4MTk0MgRzZWMDZnRyBHNsawNocGYEc3RpbWUDMTI4NjMwOTk5Mw--> | Yahoo! Groups Terms of Use <http://docs.yahoo.com/info/terms/> | Unsubscribe <mailto:howldev-unsubscr...@yahoogroups.com?subject=unsubscribe> __,_._,___
