[
https://issues.apache.org/jira/browse/HIVE-13446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15255020#comment-15255020
]
Siddharth Seth commented on HIVE-13446:
---------------------------------------
The patch itself looks good in what it's doing.
Couple of questions / comments.
- Is the LLAP_VALIDATE_ACLS property really needed ? Why not always have this
enabled.
- Changing the default for "hive.llap.management.acl" to " " instead of "*"
seems to be a simpler approach. Afaik, the logged in user will still be allowed
access.
The default would allow only the logged in user (assuming that works). Instead
of changing LLAP_VALIDATE_ACLS - users can modify the actual ACLs if they want
to grant access to additional users.
- hive.llap.management.acl.blocked - This seems very brittle. BLOCKED is an
internal constant in Hadoop ServiceAuthorizationManager. I'm not sure how any
project outside of Hadoop is supposed to use this in a reliable manner.
Maybe define the man acl configuration as a string and add the blocked to it -
to prevent strange naming problems mentioned in the code.
> LLAP: set default management protocol acls to deny all
> ------------------------------------------------------
>
> Key: HIVE-13446
> URL: https://issues.apache.org/jira/browse/HIVE-13446
> Project: Hive
> Issue Type: Bug
> Reporter: Sergey Shelukhin
> Assignee: Sergey Shelukhin
> Attachments: HIVE-13446.patch
>
>
> The user needs to set the acls.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
