Sergey Shelukhin created HIVE-17694:
---------------------------------------
Summary: restrict access to sysdb in a non-Ranger case
Key: HIVE-17694
URL: https://issues.apache.org/jira/browse/HIVE-17694
Project: Hive
Issue Type: Bug
Reporter: Sergey Shelukhin
Assignee: Gunther Hagleitner

With Ranger, sysdb access is restricted by Ranger based on the database type in
table properties (as far as I understand, that already works).

It might make sense to restrict access w/o Ranger, given that one can probably
inject a malicious query, or at least gain access to some real data like
partition key-values, values from column stats, etc., through the SQL string.

Not sure if a doAs mechanism is possible or easy to implement... some Hadoop
features allow specifying a set of users or groups in configuration (e.g. IPC
ACLs), so we can do that with a restricted config, and check the UGI.

Alternatively we can just add an off switch and restrict access; however, it's
not very convenient with a restricted config, because the only way to make
changes for the admin would be to temporarily give access to everyone (or again
everyone would be able to change it for their session).
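
A sketch of the "users or groups in configuration, then check the UGI" idea from the message above, as an added example that is not part of the original message and not Hive's code. It uses Hadoop's `AccessControlList` and `UserGroupInformation` from hadoop-common; the property name `hive.sysdb.access.acl`, the class `SysDbAccessCheck`, and the sample users and groups are hypothetical.

```java
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;

public class SysDbAccessCheck {
  // Hypothetical property name. It would have to be on the restricted list,
  // so that a user cannot widen it for their own session.
  static final String SYSDB_ACL_KEY = "hive.sysdb.access.acl";

  private final AccessControlList acl;

  SysDbAccessCheck(Configuration conf) {
    // Hadoop ACL syntax: "user1,user2 group1,group2"; "*" allows everyone.
    // A single space means no users and no groups, so an unset key denies all.
    this.acl = new AccessControlList(conf.get(SYSDB_ACL_KEY, " "));
  }

  /**
   * Decide on the authenticated caller's UGI only. Nothing taken from the
   * query text is consulted, so the SQL string cannot influence the result.
   */
  boolean isAllowed(UserGroupInformation caller) {
    return acl.isUserAllowed(caller);
  }

  public static void main(String[] args) {
    Configuration conf = new Configuration(false);
    conf.set(SYSDB_ACL_KEY, "hive ops-admins"); // constructed sample value
    SysDbAccessCheck check = new SysDbAccessCheck(conf);

    // Constructed sample identities with a static group mapping.
    UserGroupInformation service =
        UserGroupInformation.createUserForTesting("hive", new String[] {"hadoop"});
    UserGroupInformation admin =
        UserGroupInformation.createUserForTesting("alice", new String[] {"ops-admins"});
    UserGroupInformation analyst =
        UserGroupInformation.createUserForTesting("bob", new String[] {"analysts"});

    System.out.println("hive  (listed user):    " + check.isAllowed(service));
    System.out.println("alice (listed group):   " + check.isAllowed(admin));
    System.out.println("bob   (not listed):     " + check.isAllowed(analyst));

    // With the key unset the check fails closed, even for an admin.
    SysDbAccessCheck unset = new SysDbAccessCheck(new Configuration(false));
    System.out.println("alice (ACL unset):      " + unset.isAllowed(admin));
  }
}
```

Because the list names the admins themselves, changing sysdb settings does not require temporarily opening access to everyone, which is the inconvenience the message raises for a plain off switch.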