Does something like this not do the job?

<property>
  <name>hive.security.authorization.createtable.user.grants</name>
  <value>user1:select;user2:create</value>
</property>

I thought tweaking hive-site.xml would be fine.

On Fri, Nov 22, 2013 at 3:06 PM, Echo Li <echo...@gmail.com> wrote:

> Thanks all, that's all very helpful information.
>
> Shreepadma, when will the Apache Sentry come GA?
>
>
> On Fri, Nov 22, 2013 at 2:36 PM, Shreepadma Venugopalan <shreepa...@apache.org> wrote:
>
>> Apache Sentry (incubating) provides fine-grained role-based authorization
>> for Hive among other components of the Hadoop ecosystem. It currently
>> supports fully secure, fine-grained, role-based authorization for Hive and
>> can be used to prevent the scenario described earlier i.e., prevent a user
>> from dropping a table the user shouldn't be allowed to drop.
>>
>> Shreepadma
>>
>>
>> On Fri, Nov 22, 2013 at 12:55 PM, <simon.2.thomp...@bt.com> wrote:
>>
>>> Thanks Alan - I'll fwd the spec in the Jira to some of our security and
>>> integrity people for comment.
>>>
>>> Simon
>>> ----
>>> Dr. Simon Thompson
>>>
>>> ________________________________________
>>> From: Alan Gates [ga...@hortonworks.com]
>>> Sent: 22 November 2013 20:53
>>> To: user@hive.apache.org
>>> Subject: Re: How to prevent user drop table in Hive metadata?
>>>
>>> See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA
>>> addressing this.
>>>
>>> Also, you can use the StorageBasedAuthorizationProvider in Hive, which
>>> bases metadata security on file security. So if the user doesn't have
>>> permissions to remove the directory that stores the table data, they won't
>>> have permissions to drop the table. This isn't perfect, but it's a start.
>>>
>>> Alan.
>>>
>>> On Nov 22, 2013, at 11:49 AM, <simon.2.thomp...@bt.com> wrote:
>>>
>>> > Has no one raised a Jira ticket?
>>> >
>>> > ----
>>> > Dr. Simon Thompson
>>> >
>>> > ________________________________________
>>> > From: Biswajit Nayak [biswajit.na...@inmobi.com]
>>> > Sent: 22 November 2013 19:45
>>> > To: user@hive.apache.org
>>> > Subject: Re: How to prevent user drop table in Hive metadata?
>>> >
>>> > Hi Echo,
>>> >
>>> > I don't think there is any way to prevent this. I had the same concern in
>>> > hbase, but found out that it is assumed that users using the system are very
>>> > much aware of it. I am into hive from last 3 months, was looking for some
>>> > kind of way here, but no luck till now..
>>> >
>>> > Thanks
>>> > Biswa
>>> >
>>> > On 23 Nov 2013 01:06, "Echo Li" <echo...@gmail.com> wrote:
>>> > Good Friday!
>>> >
>>> > I was trying to apply a certain level of security in our hive data
>>> > warehouse, by modifying access mode of directories and files on hdfs to 755
>>> > I think it's good enough for a new user to remove data, however the user
>>> > still can drop the table definition in hive cli, seems the "revoke" doesn't
>>> > help much, is there any way to prevent this?
>>> >
>>> >
>>> > Thanks,
>>> > Echo
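
The storage-based approach Alan Gates describes above, sketched as a metastore-side hive-site.xml fragment. This is an added example, not configuration posted by anyone in the thread; it assumes a Hive release that ships the metastore authorization hook, and the values should be checked against the documentation for the version in use.

```xml
<!-- Added example: metastore-side storage-based authorization.
     Assumes the metastore runs as a separate service and that table
     directories on HDFS carry the intended owner/group/mode. -->

<!-- Run an authorization check before each metadata operation
     (create, alter, drop) reaches the metastore database. -->
<property>
  <name>hive.metastore.pre.event.listeners</name>
  <value>org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener</value>
</property>

<!-- Decide each request from the caller's HDFS permissions on the
     directory that stores the table or database. -->
<property>
  <name>hive.security.metastore.authorization.manager</name>
  <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
</property>

<!-- Identify the caller by the Hadoop user making the request. -->
<property>
  <name>hive.security.metastore.authenticator.manager</name>
  <value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value>
</property>

<!-- Perform file operations as the end user rather than the metastore
     service account, so HDFS permissions are the ones that apply. -->
<property>
  <name>hive.metastore.execute.setugi</name>
  <value>true</value>
</property>
```

Because the check runs in the metastore, it also covers Hive CLI users, which client-side settings in a user-editable hive-site.xml do not.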