[
https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12923734#action_12923734
]
He Yongqiang commented on HIVE-78:
----------------------------------
By-passing the hdfs permission from hive layer is just one option. And the
implementation should also support setting user groups in the hdfs side. And
let the mapreduce job run as the user.
Just a quick update about the authorization rule:
In the offline discussion we had internally this afternoon, remove DENY should
also another option to be considered. And we examined our use cased with this
(without DENY), it works. So remove DENY from the authorization will simplify
the implementation a lot.
And regarding view and index, for the first version, we should not do that. And
we can do them later when we have a better understanding after we implement the
first version.
> Authorization infrastructure for Hive
> -------------------------------------
>
> Key: HIVE-78
> URL: https://issues.apache.org/jira/browse/HIVE-78
> Project: Hive
> Issue Type: New Feature
> Components: Metastore, Query Processor, Server Infrastructure
> Reporter: Ashish Thusoo
> Assignee: He Yongqiang
> Attachments: createuser-v1.patch, hive-78-metadata-v1.patch,
> hive-78-syntax-v1.patch, hive-78.diff
>
>
> Allow hive to integrate with existing user repositories for authentication
> and authorization infromation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
