Apache Sentry (incubating) provides fine-grained role-based authorization for Hive among other components of the Hadoop ecosystem. It currently supports fully secure, fine-grained, role-based authorization for Hive and can be used to prevent the scenario described earlier i.e., prevent a user from dropping a table the user shouldn't be allowed to drop.
Shreepadma On Fri, Nov 22, 2013 at 12:55 PM, <simon.2.thomp...@bt.com> wrote: > Thanks Alan - I'll fwd the spec in the Jira to some of our security and > integrity people for comment. > > Simon > ---- > Dr. Simon Thompson > > ________________________________________ > From: Alan Gates [ga...@hortonworks.com] > Sent: 22 November 2013 20:53 > To: user@hive.apache.org > Subject: Re: How to prevent user drop table in Hive metadata? > > See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA addressing > this. > > Also, you can use the StorageBasedAuthorizationProvider in Hive, which > bases metadata security on file security. So if the user doesn't have > permissions to remove the directory that stores the table data, they won't > have permissions to drop the table. This isn't perfect, but it's a start. > > Alan. > > On Nov 22, 2013, at 11:49 AM, <simon.2.thomp...@bt.com> < > simon.2.thomp...@bt.com> wrote: > > > Has no one raised a Jira ticket ? > > > > ---- > > Dr. Simon Thompson > > > > ________________________________________ > > From: Biswajit Nayak [biswajit.na...@inmobi.com] > > Sent: 22 November 2013 19:45 > > To: user@hive.apache.org > > Subject: Re: How to prevent user drop table in Hive metadata? > > > > Hi Echo, > > > > I dont think there is any to prevent this. I had the same concern in > hbase, but found out that it is assumed that user using the system are very > much aware of it. I am into hive from last 3 months, was looking for some > kind of way here, but no luck till now.. > > > > Thanks > > Biswa > > > > On 23 Nov 2013 01:06, "Echo Li" <echo...@gmail.com<mailto: > echo...@gmail.com>> wrote: > > Good Friday! > > > > I was trying to apply certain level of security in our hive data > warehouse, by modifying access mode of directories and files on hdfs to 755 > I think it's good enough for a new user to remove data, however the user > still can drop the table definition in hive cli, seems the "revoke" doesn't > help much, is there any way to prevent this? > > > > > > Thanks, > > Echo > > > > _____________________________________________________________ > > The information contained in this communication is intended solely for > the use of the individual or entity to whom it is addressed and others > authorized to receive it. It may contain confidential or legally privileged > information. If you are not the intended recipient you are hereby notified > that any disclosure, copying, distribution or taking any action in reliance > on the contents of this information is strictly prohibited and may be > unlawful. If you have received this communication in error, please notify > us immediately by responding to this email and then delete it from your > system. The firm is neither liable for the proper and complete transmission > of the information contained in this communication nor for any delay in its > receipt. > > > -- > CONFIDENTIALITY NOTICE > NOTICE: This message is intended for the use of the individual or entity to > which it is addressed and may contain information that is confidential, > privileged and exempt from disclosure under applicable law. If the reader > of this message is not the intended recipient, you are hereby notified that > any printing, copying, dissemination, distribution, disclosure or > forwarding of this communication is strictly prohibited. If you have > received this communication in error, please contact the sender immediately > and delete it from your system. Thank You. >
