Hive version 0.9.0 (hive-common-0.9.0-cdh4.1.2.jar) Is there a way to disable -h <hostname> option ?
This way , I can disable anyone on the network drop/alter tables. Like I said below , even if I create a ROLE with only SELECT permission , a user on the network can DROP tables with a -h <hostname> option Thanks Sanjay From: Sanjay Subramanian <sanjay.subraman...@wizecommerce.com<mailto:sanjay.subraman...@wizecommerce.com>> Reply-To: "user@hive.apache.org<mailto:user@hive.apache.org>" <user@hive.apache.org<mailto:user@hive.apache.org>> Date: Thursday, August 1, 2013 6:37 PM To: "user@hive.apache.org<mailto:user@hive.apache.org>" <user@hive.apache.org<mailto:user@hive.apache.org>> Subject: Hive Authorization is bypassed with -h option Hi Hive version 0.9.0 (hive-common-0.9.0-cdh4.1.2.jar) <property> <name>hive.security.authorization.enabled</name> <value>true</value> <description>enable or disable the hive client authorization</description> </property> Linux User = hiveuser1 (no hive permissions) CASE 1 hive -e "select * from outpdir_ptitle_explanation_parsed limit 10" Authorization failed:No privilege 'Select' found for inputs { database:default, table:outpdir_ptitle_explanation_parsed, columnName:header_servername}. Use show grant to get more details. CASE 2 (use the -h option) hive -h localhost -e "select * from outpdir_ptitle_explanation_parsed limit 10" Shows results !!! Why does "-h" option bypass authorization Thanks sanjay CONFIDENTIALITY NOTICE ====================== This email message and any attachments are for the exclusive use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message along with any attachments, from your computer system. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator. CONFIDENTIALITY NOTICE ====================== This email message and any attachments are for the exclusive use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message along with any attachments, from your computer system. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.
