[
https://issues.apache.org/jira/browse/HIVE-7209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14205841#comment-14205841
]
Lefty Leverenz commented on HIVE-7209:
--------------------------------------
Doc notes: The description of *hive.security.metastore.authorization.manager*
needs to be updated in the wiki (with version information, and keeping some
extra information not found in HiveConf.java).
* [Configuration Properties -- hive.security.metastore.authorization.manager |
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.security.metastore.authorization.manager]
Other than that, HIVE-7759 will add general documentation for this feature with
a section in the SQL standard authorization doc about CLI behavior with SQL
standard authorization turned on.
* [SQL Standard Based Hive Authorization |
https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization]
> allow metastore authorization api calls to be restricted to certain invokers
> ----------------------------------------------------------------------------
>
> Key: HIVE-7209
> URL: https://issues.apache.org/jira/browse/HIVE-7209
> Project: Hive
> Issue Type: Bug
> Components: Authentication, Metastore
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Labels: TODOC14
> Fix For: 0.14.0
>
> Attachments: HIVE-7209.1.patch, HIVE-7209.2.patch, HIVE-7209.3.patch,
> HIVE-7209.4.patch
>
>
> Any user who has direct access to metastore can make metastore api calls that
> modify the authorization policy.
> The users who can make direct metastore api calls in a secure cluster
> configuration are usually the 'cluster insiders' such as Pig and MR users,
> who are not (securely) covered by the metastore based authorization policy.
> But it makes sense to disallow access from such users as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
