[
https://issues.apache.org/jira/browse/HIVE-17701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16194047#comment-16194047
]
Tao Li commented on HIVE-17701:
-------------------------------
So with the patch, if the auth is enabled and user is not admin, then we return
the error page. If auth is disabled, then any user can view all the queries.
> Added restriction to historic queries on web UI
> -----------------------------------------------
>
> Key: HIVE-17701
> URL: https://issues.apache.org/jira/browse/HIVE-17701
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Reporter: Thejas M Nair
> Assignee: Tao Li
> Attachments: HIVE-17701.1.patch, HIVE-17701.2.patch
>
>
> The HiveServer2 Web UI (HIVE-12550) shows recently completed queries.
> However, a user can see the queries run by other users as well, and that is a
> security/privacy concern.
> Only admin users should be allowed to see queries from other users (similar
> to behavior of display for configs, stack trace etc).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
