[
https://issues.apache.org/jira/browse/HIVE-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13931984#comment-13931984
]
Alex Nastetsky commented on HIVE-3009:
--------------------------------------
Hi, are there still plans to fix this ticket? It is creating a security concern
in our scenario where we have different databases for each customer but any
user can do "show tables" in any database. Thanks.
> do authorization for all metadata operations
> --------------------------------------------
>
> Key: HIVE-3009
> URL: https://issues.apache.org/jira/browse/HIVE-3009
> Project: Hive
> Issue Type: Bug
> Components: Authorization, Metastore
> Reporter: Thejas M Nair
> Assignee: Vandana Ayyalasomayajula
>
> Most of the metadata read operations and some write operations are not
> checking for authorization.
> See org.apache.hadoop.hive.ql.plan.HiveOperation . Operations such as
> DESCTABLE and DROPDATABASE have null for required privileges.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
