lirui-apache commented on pull request #16745:
URL: https://github.com/apache/flink/pull/16745#issuecomment-899955453


   > but in non-secure cluster and authorization is enabled, I am afraid it won't satisfy some existing user scenarios, since the previous owner was empty.

   No, using UGI in a non-secure cluster won't result in an empty owner; the owner will be set as the user running the process.

   > in secure cluster and authorization is enabled, if the owner supports setting value, this does not comply with the security authentication design.

   Could you post links to the authentication design you mentioned? I tried with Hive 2.3.6 and found this is actually allowed. For example, in a kerberized env, you can kinit as `user1` but run Hive CLI as `user2`, and choose `SessionStateConfigUserAuthenticator` as the authentication provider. Then you can create tables whose owner is `user2`. Besides, Hive 3.x supports [altering table owner](https://issues.apache.org/jira/browse/HIVE-18762), so I doubt Hive requires the table owner to be the same as the UGI creating the table in a secure cluster.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.