Thanks all, that's all very helpful information. Shreepadma, when will Apache Sentry become GA?

On Fri, Nov 22, 2013 at 2:36 PM, Shreepadma Venugopalan <shreepa...@apache.org> wrote:

> Apache Sentry (incubating) provides fine-grained role-based authorization
> for Hive among other components of the Hadoop ecosystem. It currently
> supports fully secure, fine-grained, role-based authorization for Hive and
> can be used to prevent the scenario described earlier, i.e., prevent a user
> from dropping a table the user shouldn't be allowed to drop.
>
> Shreepadma
>
>
> On Fri, Nov 22, 2013 at 12:55 PM, <simon.2.thomp...@bt.com> wrote:
>
>> Thanks Alan - I'll fwd the spec in the Jira to some of our security and
>> integrity people for comment.
>>
>> Simon
>> ----
>> Dr. Simon Thompson
>>
>> ________________________________________
>> From: Alan Gates [ga...@hortonworks.com]
>> Sent: 22 November 2013 20:53
>> To: user@hive.apache.org
>> Subject: Re: How to prevent user drop table in Hive metadata?
>>
>> See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA
>> addressing this.
>>
>> Also, you can use the StorageBasedAuthorizationProvider in Hive, which
>> bases metadata security on file security. So if the user doesn't have
>> permissions to remove the directory that stores the table data, they won't
>> have permissions to drop the table. This isn't perfect, but it's a start.
>>
>> Alan.
>>
>> On Nov 22, 2013, at 11:49 AM, <simon.2.thomp...@bt.com> wrote:
>>
>> > Has no one raised a Jira ticket?
>> >
>> > ----
>> > Dr. Simon Thompson
>> >
>> > ________________________________________
>> > From: Biswajit Nayak [biswajit.na...@inmobi.com]
>> > Sent: 22 November 2013 19:45
>> > To: user@hive.apache.org
>> > Subject: Re: How to prevent user drop table in Hive metadata?
>> >
>> > Hi Echo,
>> >
>> > I don't think there is any way to prevent this. I had the same concern in
>> > hbase, but found out that it is assumed that user using the system are very
>> > much aware of it. I am into hive from last 3 months, was looking for some
>> > kind of way here, but no luck till now.
>> >
>> > Thanks
>> > Biswa
>> >
>> > On 23 Nov 2013 01:06, "Echo Li" <echo...@gmail.com> wrote:
>> > Good Friday!
>> >
>> > I was trying to apply certain level of security in our hive data
>> > warehouse, by modifying access mode of directories and files on hdfs to 755
>> > I think it's good enough for a new user to remove data, however the user
>> > still can drop the table definition in hive cli, seems the "revoke" doesn't
>> > help much, is there any way to prevent this?
>> >
>> >
>> > Thanks,
>> > Echo
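
The metastore-side setup behind Alan's StorageBasedAuthorizationProvider suggestion, as an added hive-site.xml fragment that is not part of the original thread. The property and class names come from Hive's storage-based authorization support, not from the messages above, and the fragment assumes a remote metastore server rather than a metastore embedded in the Hive CLI.

```xml
<!-- hive-site.xml on the metastore server (added example, not from the thread).
     Set these server-side: a value set only in the user's own CLI
     configuration can be overridden by that user. -->
<configuration>
  <!-- Run an authorization check before each metadata operation
       (DROP TABLE, ALTER TABLE, DROP DATABASE, ...). -->
  <property>
    <name>hive.metastore.pre.event.listeners</name>
    <value>org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener</value>
  </property>

  <!-- Decide each check from the HDFS permissions on the directory that
       stores the table or database, as Alan describes. -->
  <property>
    <name>hive.security.metastore.authorization.manager</name>
    <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
  </property>

  <!-- Identify the caller by the Hadoop user of the metastore client. -->
  <property>
    <name>hive.security.metastore.authenticator.manager</name>
    <value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value>
  </property>

  <!-- On a non-Kerberos cluster, have the metastore perform file system
       operations as the calling user and group instead of its own account. -->
  <property>
    <name>hive.metastore.execute.setugi</name>
    <value>true</value>
  </property>
</configuration>
```

With this in place, whether a DROP TABLE succeeds follows the HDFS permissions on the table's directory, so the 755 mode from the original question only restricts users who do not own that directory.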