[
https://issues.apache.org/jira/browse/HIVE-5837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13893454#comment-13893454
]
Brock Noland commented on HIVE-5837:
------------------------------------
bq. I propose that we base alter and drop table privilege on ownership of the
table instead.
Ok, would this would deviate from the "SQL Standard"?
bq. Do have any opinion on how to deal with privilege on URI object based on
your experience? What should it mean, should it mean the privilege applies to
the directory and its sub dirs?
To avoid re-implementing file system permissions I'd suggest that once a prefix
to a URI is granted, that all children in that URI are also granted. Of course
the file system permissions will still need to be there for the URI to be
usable.
bq. Can things like symlinks pose security holes?
There is no way that symlinks can be securely followed in HDFS therefore
following symlinks must be disabled for this model to be secure.
> SQL standard based secure authorization for hive
> ------------------------------------------------
>
> Key: HIVE-5837
> URL: https://issues.apache.org/jira/browse/HIVE-5837
> Project: Hive
> Issue Type: New Feature
> Components: Authorization
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Attachments: SQL standard authorization hive.pdf
>
>
> The current default authorization is incomplete and not secure. The
> alternative of storage based authorization provides security but does not
> provide fine grained authorization.
> The proposal is to support secure fine grained authorization in hive using
> SQL standard based authorization model.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
