Hi,all: I have a few questions about hive authentication and authorization:
(1)why do we need to set hive.server2.enable.doAs=false in SQL-Standard Based Authorization ? (2)when set hive.server2.enable.doAs=false in SQL-Standard Based Authorization,the beeline way to connecte HS2, the queries are run as the service user id of HiverServer2, how to make it use the users who is in current kerberos ticket cache? (because if "hive.server2.enable.doAs=false" and hive uri is like this——"jdbc:hive2://cdh1:10000/default;principal=hive/c...@javachen.com", the kerberos ticket cache will not work.) (3)Does hive 1.2.1 and later version still has grant/revoke BUG?——I found someone said that user needs to imply administrator privilege according to implements AbstractSemanticAnalyzerHook,if he want to let the administrator own the grant/revoke privilege only. But I also found a parameter "hive.users.in.admin.role",does this param makes up this deficiency? (4)Must I start up hive metastore service when SQL Standards Based Hive Authorization in conjunction with storage based authorization?( https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization),and if the two combined, “hive.server2.enable.doAs" set to false? (5)Can someone please give me a tip on this class: BitSetCheckAuthorizationProvider? if I can set "hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.BitSetCheckAuthorizationProvider"?What are the difference between BitSetCheckAuthorizationProvider and SQLStdHiveAuthorizerFactory? I am confused by these questions for a long time. I am eager to get your guidance. Any reply will be much appreciated. And thankyou again.
