[ https://issues.apache.org/jira/browse/HIVE-2809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Phabricator updated HIVE-2809:
------------------------------

    Attachment: HIVE-2809.D1953.1.patch

enis requested code review of "HIVE-2809 [jira] StorageHandler authorization 
providers".
Reviewers: JIRA

  HIVE-2809. StorageHandler authorization providers.

  In this issue, we would like to discuss the possibility of supplementing the 
Hive authorization model with authorization at the storage level. As discussed 
in HIVE-1943, Hive should also check for operation permissions in hdfs and 
hbase, since otherwise, data and metadata can be in an inconsistent state or be 
orphaned. Going a step further, some of the setups might not need the full 
featured auth model by Hive, but want to rely on managing the permissions at 
the data layer. In this model, the metadata operations are checked first from 
hdfs/hbase and it is allowed only if they are allowed at the data layer. The 
semantics are documented at 
https://cwiki.apache.org/confluence/display/HCATALOG/Hcat+Security+Design.

  So, the goals of this issue are:

   - Port storage handler specific authorization providers, and the StorageDelegationAuthorizationProvider from HCATALOG-245 and HCATALOG-260 to Hive.
   - Keep current Hive's default authorization provider, and enable user to use this and/or the storage one. Auth providers are already configurable.
   - Move the manual checks that had to be performed about authorization in Hcat to Hive, specifically:
     -- CREATE DATABASE/TABLE, ADD PARTITION statements do not call HiveAuthorizationProvider.authorize() with the candidate objects, which means that we cannot do checks against defined LOCATION.
     -- HiveOperation does not define sufficient Privileges for most of the operations, especially database operations.
     -- For some of the operations, Hive SemanticAnalyzer does not add the changed object as a WriteEntity or ReadEntity.

TEST PLAN
  EMPTY

REVISION DETAIL
  https://reviews.facebook.net/D1953

AFFECTED FILES
  common/src/java/org/apache/hadoop/hive/common/security/authorization/HdfsAuthorizationProvider.java
  common/src/java/org/apache/hadoop/hive/common/security/authorization/StorageDelegationAuthorizationProvider.java
  common/src/test/org/apache/hadoop/hive/common/security/authorization/AuthTestUtils.java
  common/src/test/org/apache/hadoop/hive/common/security/authorization/TestHdfsAuthorizationProvider.java
  ql/src/java/org/apache/hadoop/hive/ql/Driver.java
  ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
  ql/src/java/org/apache/hadoop/hive/ql/hooks/ReadEntity.java
  ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java
  ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java
  ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java
  ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java
  ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q
  ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q
  ql/src/test/results/clientpositive/add_part_exist.q.out
  ql/src/test/results/clientpositive/alter1.q.out
  ql/src/test/results/clientpositive/alter2.q.out
  ql/src/test/results/clientpositive/alter3.q.out
  ql/src/test/results/clientpositive/alter4.q.out
  ql/src/test/results/clientpositive/alter5.q.out
  ql/src/test/results/clientpositive/alter_index.q.out
  ql/src/test/results/clientpositive/alter_merge_2.q.out
  ql/src/test/results/clientpositive/alter_merge_stats.q.out
  ql/src/test/results/clientpositive/alter_partition_format_loc.q.out
  ql/src/test/results/clientpositive/alter_rename_partition.q.out
  ql/src/test/results/clientpositive/alter_table_serde.q.out
  ql/src/test/results/clientpositive/autogen_colalias.q.out
  ql/src/test/results/clientpositive/ba_table1.q.out
  ql/src/test/results/clientpositive/ba_table2.q.out
  ql/src/test/results/clientpositive/ba_table_udfs.q.out
  ql/src/test/results/clientpositive/ba_table_union.q.out
  ql/src/test/results/clientpositive/binary_table_bincolserde.q.out
  ql/src/test/results/clientpositive/binary_table_colserde.q.out
  ql/src/test/results/clientpositive/bucket_groupby.q.out
  ql/src/test/results/clientpositive/columnarserde_create_shortcut.q.out
  ql/src/test/results/clientpositive/combine2.q.out
  ql/src/test/results/clientpositive/combine3.q.out
  ql/src/test/results/clientpositive/create_1.q.out
  ql/src/test/results/clientpositive/create_default_prop.q.out
  ql/src/test/results/clientpositive/create_escape.q.out
  ql/src/test/results/clientpositive/create_insert_outputformat.q.out
  ql/src/test/results/clientpositive/create_like.q.out
  ql/src/test/results/clientpositive/create_like_view.q.out
  ql/src/test/results/clientpositive/create_nested_type.q.out
  ql/src/test/results/clientpositive/create_or_replace_view.q.out
  ql/src/test/results/clientpositive/create_view.q.out
  ql/src/test/results/clientpositive/create_view_partitioned.q.out
  ql/src/test/results/clientpositive/ctas.q.out
  ql/src/test/results/clientpositive/database.q.out
  ql/src/test/results/clientpositive/database_location.q.out
  ql/src/test/results/clientpositive/database_properties.q.out
  ql/src/test/results/clientpositive/ddltime.q.out
  ql/src/test/results/clientpositive/default_partition_name.q.out
  ql/src/test/results/clientpositive/describe_formatted_view_partitioned.q.out
  ql/src/test/results/clientpositive/describe_table.q.out
  ql/src/test/results/clientpositive/drop_multi_partitions.q.out
  ql/src/test/results/clientpositive/exim_00_nonpart_empty.q.out
  ql/src/test/results/clientpositive/exim_01_nonpart.q.out
  ql/src/test/results/clientpositive/exim_02_00_part_empty.q.out
  ql/src/test/results/clientpositive/exim_02_part.q.out
  ql/src/test/results/clientpositive/exim_03_nonpart_over_compat.q.out
  ql/src/test/results/clientpositive/exim_04_all_part.q.out
  ql/src/test/results/clientpositive/exim_04_evolved_parts.q.out
  ql/src/test/results/clientpositive/exim_05_some_part.q.out
  ql/src/test/results/clientpositive/exim_06_one_part.q.out
  ql/src/test/results/clientpositive/exim_07_all_part_over_nonoverlap.q.out
  ql/src/test/results/clientpositive/exim_08_nonpart_rename.q.out
  ql/src/test/results/clientpositive/exim_09_part_spec_nonoverlap.q.out
  ql/src/test/results/clientpositive/exim_10_external_managed.q.out
  ql/src/test/results/clientpositive/exim_11_managed_external.q.out
  ql/src/test/results/clientpositive/exim_12_external_location.q.out
  ql/src/test/results/clientpositive/exim_13_managed_location.q.out
  ql/src/test/results/clientpositive/exim_14_managed_location_over_existing.q.out
  ql/src/test/results/clientpositive/exim_15_external_part.q.out
  ql/src/test/results/clientpositive/exim_16_part_external.q.out
  ql/src/test/results/clientpositive/exim_17_part_managed.q.out
  ql/src/test/results/clientpositive/exim_18_part_external.q.out
  ql/src/test/results/clientpositive/exim_19_00_part_external_location.q.out
  ql/src/test/results/clientpositive/exim_19_part_external_location.q.out
  ql/src/test/results/clientpositive/exim_20_part_managed_location.q.out
  ql/src/test/results/clientpositive/exim_22_import_exist_authsuccess.q.out
  ql/src/test/results/clientpositive/exim_23_import_part_authsuccess.q.out

> StorageHandler authorization providers
> --------------------------------------
>
>                 Key: HIVE-2809
>                 URL: https://issues.apache.org/jira/browse/HIVE-2809
>             Project: Hive
>          Issue Type: New Feature
>    Affects Versions: 0.9.0
>            Reporter: Enis Soztutar
>            Assignee: Enis Soztutar
>         Attachments: HIVE-2809.D1953.1.patch
>
>
> In this issue, we would like to discuss the possibility of supplementing the 
> Hive authorization model with authorization at the storage level. As 
> discussed in HIVE-1943, Hive should also check for operation permissions in 
> hdfs and hbase, since otherwise, data and metadata can be in an inconsistent 
> state or be orphaned. Going a step further, some of the setups might not need 
> the full featured auth model by Hive, but want to rely on managing the 
> permissions at the data layer. In this model, the metadata operations are 
> checked first from hdfs/hbase and it is allowed only if they are allowed at 
> the data layer. The semantics are documented at 
> https://cwiki.apache.org/confluence/display/HCATALOG/Hcat+Security+Design. 
> So, the goals of this issue are: 
>  - Port storage handler specific authorization providers, and the 
> StorageDelegationAuthorizationProvider from HCATALOG-245 and HCATALOG-260 to 
> Hive. 
>  - Keep current Hive's default authorization provider, and enable user to use 
> this and/or the storage one. auth providers are already configurable.
>  - Move the manual checks that had to be performed about authorization in 
> Hcat to Hive, specifically:
>   -- CREATE DATABASE/TABLE, ADD PARTITION statements do not call 
>    HiveAuthorizationProvider.authorize() with the candidate objects, which 
>    means that we cannot do checks against defined LOCATION.
>   -- HiveOperation does not define sufficient Privileges for most of the 
>     operations, especially database operations. 
>   -- For some of the operations, Hive SemanticAnalyzer does not add the 
>     changed object as a WriteEntity or ReadEntity.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
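
The storage-delegated model described in the issue (a metadata operation is allowed only if the data layer allows it, including for a LOCATION that is only a candidate) can be sketched as follows. This is an added example, not code from the attached patch or from Hive/HCatalog: the class, its methods, the in-memory directory map standing in for HDFS, and the mapping of CREATE TABLE to a WRITE check on the nearest existing ancestor of the LOCATION are all assumptions made for illustration. It checks owner/group/other mode bits only and leaves out the execute (traverse) check on ancestor directories that a real filesystem also enforces.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class StorageDelegationExample {
    // Constructed stand-in for one storage directory: owner, group, POSIX mode.
    record Dir(String owner, String group, int mode) {}

    enum Action { READ(4), WRITE(2); final int bit; Action(int bit) { this.bit = bit; } }

    private final Map<String, Dir> fs = new HashMap<>(); // stands in for HDFS

    void mkdir(String path, String owner, String group, int mode) {
        fs.put(path, new Dir(owner, group, mode));
    }

    // A candidate LOCATION usually does not exist yet, so walk up to the
    // closest directory that does and evaluate permissions there.
    String nearestExisting(String path) {
        String p = path;
        while (!fs.containsKey(p)) {
            int slash = p.lastIndexOf('/');
            if (slash <= 0) return "/";
            p = p.substring(0, slash);
        }
        return p;
    }

    // The metadata operation is allowed only if the data layer allows the action.
    boolean authorize(String user, Set<String> groups, String location, Action action) {
        Dir d = fs.get(nearestExisting(location));
        if (d == null) return false; // nothing to delegate to: fail closed
        int shift = user.equals(d.owner()) ? 6 : groups.contains(d.group()) ? 3 : 0;
        return ((d.mode() >> shift) & action.bit) != 0;
    }

    public static void main(String[] args) {
        StorageDelegationExample s = new StorageDelegationExample();
        s.mkdir("/warehouse", "hive", "etl", 0750);          // constructed sample data
        s.mkdir("/warehouse/sales.db", "alice", "etl", 0750);
        String loc = "/warehouse/sales.db/t1";                // CREATE TABLE ... LOCATION
        System.out.println("alice create: " + s.authorize("alice", Set.of("etl"), loc, Action.WRITE));
        System.out.println("bob create:   " + s.authorize("bob", Set.of("etl"), loc, Action.WRITE));
        System.out.println("bob read:     " + s.authorize("bob", Set.of("etl"), loc, Action.READ));
        System.out.println("eve create:   " + s.authorize("eve", Set.of(), loc, Action.WRITE));
        System.out.println("no root:      " + s.authorize("alice", Set.of(), "/tmp/t2", Action.WRITE));
    }
}
```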

        
