[
https://issues.apache.org/jira/browse/HIVE-8045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14140115#comment-14140115
]
Jason Dere commented on HIVE-8045:
----------------------------------
+1
> SQL standard auth with cli - Errors and configuration issues
> ------------------------------------------------------------
>
> Key: HIVE-8045
> URL: https://issues.apache.org/jira/browse/HIVE-8045
> Project: Hive
> Issue Type: Bug
> Components: Authorization
> Reporter: Jagruti Varia
> Assignee: Thejas M Nair
> Attachments: HIVE-8045.1.patch, HIVE-8045.2.patch, HIVE-8045.3.patch
>
>
> HIVE-7533 enabled sql std authorization to be set in hive cli (without
> enabling authorization checks). This updates hive configuration so that
> create-table and create-views set permissions appropriately for the owner of
> the table.
> HIVE-7209 added a metastore authorization provider that can be used to
> restricts calls made to the authorization api, so that only HS2 can make
> those calls (when HS2 uses embedded metastore).
> Some issues were found with this.
> # Even if hive.security.authorization.enabled=false, authorization checks
> were happening for non sql statements as add/detete/dfs/compile, which
> results in MetaStoreAuthzAPIAuthorizerEmbedOnly throwing an error.
> # Create table from hive-cli ended up calling metastore server api call
> (getRoles) and resulted in MetaStoreAuthzAPIAuthorizerEmbedOnly throwing an
> error.
> # Some users prefer to enable authorization using hive-site.xml for
> hive-server2 (hive.security.authorization.enabled param). If this file is
> shared by hive-cli and hive-server2, SQL std authorizer throws an error
> because is use in hive-cli is not allowed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
