On 12/3/14, 3:34 PM, Pala M Muthaia wrote:
I didn't know doAs needs to be turned off. But I don't think that is
something to give up - users create tables, manage data, query etc, and we
need the queries/jobs to run as the user who submitted them for various
purposes including authorization, auditing, table ownership etc.
Not sure if you're trying to use HiveServer2 with ACL'd tables.
https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-Configuration
clearly indicates that to fully secure a HiveServer2 install for role
based authorization, doAs has to be turned off for the query execution.
doAs=false is required for authorization, auditing and table ownership
to work correctly.
Cheers,
Gopal
