cuibo01 commented on pull request #16745: URL: https://github.com/apache/flink/pull/16745#issuecomment-900743034
> Could you post links to the authentication design you mentioned? I tried with hive 2.3.6 and found this is actually allowed. For example, in a kerberized env, you can kinit as `user1` but run Hive CLI as `user2`. And choose `SessionStateConfigUserAuthenticator` as the authentication provider. Then you can create tables whose owner is `user2`. Besides, Hive 3.x supports [altering table owner](https://issues.apache.org/jira/browse/HIVE-18762), so I doubt Hive requires table owner to be the same as the UGI creating the table in a secure cluster. i dont have link. According to development experience, in a security cluster, the authorized user must be the same as the authenticated user or proxy user, and the authenticated user cannot be changed. Therefore, in a security cluster, authorized users cannot be specified. ok, i have updated the PR -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
