[
https://issues.apache.org/jira/browse/HIVE-23296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17099569#comment-17099569
]
Eugene Chung commented on HIVE-23296:
-------------------------------------
This is the result of my misunderstanding of Hadoop impersonation feature.
> Setting Tez caller ID with the actual Hive user
> -----------------------------------------------
>
> Key: HIVE-23296
> URL: https://issues.apache.org/jira/browse/HIVE-23296
> Project: Hive
> Issue Type: Improvement
> Components: Tez
> Reporter: Eugene Chung
> Assignee: Eugene Chung
> Priority: Major
> Attachments: HIVE-23296.01.patch, Screen Shot 2020-04-24 at
> 17.20.34.png
>
>
> On the kerberized Hadoop environment, a submitter of an YARN job is the name
> part of the Hive server principal. A caller ID of the job is made of the OS
> user of the Hive server process.
> The view and modify ACLs of the Hive server for all Tez tasks are set by
> org.apache.hadoop.hive.ql.exec.tez.TezTask#setAccessControlsForCurrentUser()
> so that the admin who has the Hive server principal can see all tasks from
> tez-ui. But the admin hardly knows who executed each query.
> I suggest to change the caller ID to include the actual Hive user. If the
> user is not known, the OS user of the Hive server process is included as is.
> The attached picture shows that 'Caller ID' includes 'user1' which is the
> Kerberos user name of the actual Hive user.
> !Screen Shot 2020-04-24 at 17.20.34.png|width=683,height=29!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
