[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands

Sat, 23 Nov 2013 01:25:11 -0800 

    [ 
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13830626#comment-13830626
 ] 

Lefty Leverenz commented on HIVE-5400:
--------------------------------------

The patch adds {{hive.security.command.whitelist}} & 
{{hive.conf.restricted.list}} to hive-default.xml.template, but 
{{hive.conf.restricted.list}} is not documented in the wiki.

* Should it be in the wiki?
* If so, which release added it?

_Trivia:_  both descriptions spell "separated" wrong ("seperated"):

<property>
+  <name>hive.security.command.whitelist</name>
+  <value>set,reset,dfs,add,delete</value>
+  <description>Comma seperated list of non-SQL Hive commands users are 
authorized to execute</description>
+</property>
+
+<property>
+  <name>hive.conf.restricted.list</name>
+  <value></value>
+  <description>Comma seperated list of configuration options which are 
immutable at runtime</description>
+</property>

> Allow admins to disable compile and other commands
> --------------------------------------------------
>
>                 Key: HIVE-5400
>                 URL: https://issues.apache.org/jira/browse/HIVE-5400
>             Project: Hive
>          Issue Type: Sub-task
>            Reporter: Brock Noland
>            Assignee: Brock Noland
>             Fix For: 0.13.0
>
>         Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch
>
>
> From here: 
> https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
>  I think we should afford admins who want to disable this functionality the 
> ability to do so. Since such admins might want to disable other commands such 
> as add or dfs, it wouldn't be much trouble to allow them to do this as well. 
> For example we could have a configuration option "hive.available.commands" 
> (or similar) which specified add,set,delete,reset, etc by default. Then check 
> this value in CommandProcessorFactory. It would probably make sense to add 
> this property to the restrict list.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to