[jira] [Updated] (HIVE-7209) allow metastore authorization api calls to be restricted to certain invokers

Thejas M Nair (JIRA) Thu, 12 Jun 2014 14:15:30 -0700

     [ 
https://issues.apache.org/jira/browse/HIVE-7209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Thejas M Nair updated HIVE-7209:
--------------------------------

    Status: Patch Available  (was: Open)

> allow metastore authorization api calls to be restricted to certain invokers
> ----------------------------------------------------------------------------
>
>                 Key: HIVE-7209
>                 URL: https://issues.apache.org/jira/browse/HIVE-7209
>             Project: Hive
>          Issue Type: Bug
>          Components: Authentication, Metastore
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>         Attachments: HIVE-7209.1.patch
>
>
> Any user who has direct access to metastore can make metastore api calls that 
> modify the authorization policy. 
> The users who can make direct metastore api calls in a secure cluster 
> configuration are usually the 'cluster insiders' such as Pig and MR users, 
> who are not (securely) covered by the metastore based authorization policy. 
> But it makes sense to disallow access from such users as well.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HIVE-7209) allow metastore authorization api calls to be restricted to certain invokers

Reply via email to