Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Plain View
Hive >> mail # user >> How to prevent user drop table in Hive metadata?


+
Echo Li 2013-11-22, 19:36
+
Richard Nadeau 2013-11-22, 20:39
+
Biswajit Nayak 2013-11-22, 19:45
+
simon.2.thompson@... 2013-11-22, 19:49
+
Biswajit Nayak 2013-11-22, 19:51
+
Alan Gates 2013-11-22, 20:53
+
simon.2.thompson@... 2013-11-22, 20:55
Copy link to this message
-
Re: How to prevent user drop table in Hive metadata?
Apache Sentry (incubating) provides fine-grained role-based authorization
for Hive among other components of the Hadoop ecosystem. It currently
supports fully secure, fine-grained, role-based authorization for Hive and
can be used to prevent the scenario described earlier i.e., prevent a user
from dropping a table the user shouldn't be allowed to drop.

Shreepadma
On Fri, Nov 22, 2013 at 12:55 PM, <[EMAIL PROTECTED]> wrote:

> Thanks Alan - I'll fwd the spec in the Jira to some of our security and
> integrity people for comment.
>
> Simon
> ----
> Dr. Simon Thompson
>
> ________________________________________
> From: Alan Gates [[EMAIL PROTECTED]]
> Sent: 22 November 2013 20:53
> To: [EMAIL PROTECTED]
> Subject: Re: How to prevent user drop table in Hive metadata?
>
> See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA addressing
> this.
>
> Also, you can use the StorageBasedAuthorizationProvider in Hive, which
> bases metadata security on file security.  So if the user doesn't have
> permissions to remove the directory that stores the table data, they won't
> have permissions to drop the table.  This isn't perfect, but it's a start.
>
> Alan.
>
> On Nov 22, 2013, at 11:49 AM, <[EMAIL PROTECTED]> <
> [EMAIL PROTECTED]> wrote:
>
> > Has no one raised a Jira ticket ?
> >
> > ----
> > Dr. Simon Thompson
> >
> > ________________________________________
> > From: Biswajit Nayak [[EMAIL PROTECTED]]
> > Sent: 22 November 2013 19:45
> > To: [EMAIL PROTECTED]
> > Subject: Re: How to prevent user drop table in Hive metadata?
> >
> > Hi Echo,
> >
> > I dont think there is any to prevent this. I had the same concern in
> hbase, but found out that it is assumed that user using the system are very
> much aware of it.  I am into hive from last 3 months, was looking for some
> kind of way here, but no luck till now..
> >
> > Thanks
> > Biswa
> >
> > On 23 Nov 2013 01:06, "Echo Li" <[EMAIL PROTECTED]<mailto:
> [EMAIL PROTECTED]>> wrote:
> > Good Friday!
> >
> > I was trying to apply certain level of security in our hive data
> warehouse, by modifying access mode of directories and files on hdfs to 755
> I think it's good enough for a new user to remove data, however the user
> still can drop the table definition in hive cli, seems the "revoke" doesn't
> help much, is there any way to prevent this?
> >
> >
> > Thanks,
> > Echo
> >
> > _____________________________________________________________
> > The information contained in this communication is intended solely for
> the use of the individual or entity to whom it is addressed and others
> authorized to receive it. It may contain confidential or legally privileged
> information. If you are not the intended recipient you are hereby notified
> that any disclosure, copying, distribution or taking any action in reliance
> on the contents of this information is strictly prohibited and may be
> unlawful. If you have received this communication in error, please notify
> us immediately by responding to this email and then delete it from your
> system. The firm is neither liable for the proper and complete transmission
> of the information contained in this communication nor for any delay in its
> receipt.
>
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
>
+
Echo Li 2013-11-22, 23:06
+
Xiu Guo 2013-11-22, 23:11
+
Shreepadma Venugopalan 2013-11-23, 00:25
+
Sanjay Subramanian 2013-12-01, 06:00
+
Nitin Pawar 2013-11-22, 20:04
+
Jov 2013-12-01, 06:41
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB