[
https://issues.apache.org/jira/browse/HIVE-5837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13892750#comment-13892750
]
Thejas M Nair commented on HIVE-5837:
-------------------------------------
The current proposal does not talk about what determines the privilege to
create a view and what privileges the creator of view will have on the new view.
Based on my reading of the standard (only looking at select access on views
because of what hive supports): View has select with grant for user A creating
the view, if user has select-grant on all the input columns in query-expression.
There also seems to be rule about being able to create views without grant
privileges on tables (just select), but I think we can just start with allowing
on tables for which user has select-with-grant.
The current proposal says that database ownership will determine the privileges
to alter and drop table. But this would be a problem for migration, for
clusters where there are many tables under a database owned by different users.
I propose that we base alter and drop table privilege on ownership of the table
instead.
> SQL standard based secure authorization for hive
> ------------------------------------------------
>
> Key: HIVE-5837
> URL: https://issues.apache.org/jira/browse/HIVE-5837
> Project: Hive
> Issue Type: New Feature
> Components: Authorization
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Attachments: SQL standard authorization hive.pdf
>
>
> The current default authorization is incomplete and not secure. The
> alternative of storage based authorization provides security but does not
> provide fine grained authorization.
> The proposal is to support secure fine grained authorization in hive using
> SQL standard based authorization model.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
