Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
Hive, mail # user - How to prevent user drop table in Hive metadata?


+
Echo Li 2013-11-22, 19:36
+
Richard Nadeau 2013-11-22, 20:39
+
Biswajit Nayak 2013-11-22, 19:45
+
simon.2.thompson@... 2013-11-22, 19:49
+
Biswajit Nayak 2013-11-22, 19:51
+
Alan Gates 2013-11-22, 20:53
+
simon.2.thompson@... 2013-11-22, 20:55
Copy link to this message
-
Re: How to prevent user drop table in Hive metadata?
Shreepadma Venugopalan 2013-11-22, 22:36
Apache Sentry (incubating) provides fine-grained role-based authorization
for Hive among other components of the Hadoop ecosystem. It currently
supports fully secure, fine-grained, role-based authorization for Hive and
can be used to prevent the scenario described earlier i.e., prevent a user
from dropping a table the user shouldn't be allowed to drop.

Shreepadma
On Fri, Nov 22, 2013 at 12:55 PM, <[EMAIL PROTECTED]> wrote:

> Thanks Alan - I'll fwd the spec in the Jira to some of our security and
> integrity people for comment.
>
> Simon
> ----
> Dr. Simon Thompson
>
> ________________________________________
> From: Alan Gates [[EMAIL PROTECTED]]
> Sent: 22 November 2013 20:53
> To: [EMAIL PROTECTED]
> Subject: Re: How to prevent user drop table in Hive metadata?
>
> See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA addressing
> this.
>
> Also, you can use the StorageBasedAuthorizationProvider in Hive, which
> bases metadata security on file security.  So if the user doesn't have
> permissions to remove the directory that stores the table data, they won't
> have permissions to drop the table.  This isn't perfect, but it's a start.
>
> Alan.
>
> On Nov 22, 2013, at 11:49 AM, <[EMAIL PROTECTED]> <
> [EMAIL PROTECTED]> wrote:
>
> > Has no one raised a Jira ticket ?
> >
> > ----
> > Dr. Simon Thompson
> >
> > ________________________________________
> > From: Biswajit Nayak [[EMAIL PROTECTED]]
> > Sent: 22 November 2013 19:45
> > To: [EMAIL PROTECTED]
> > Subject: Re: How to prevent user drop table in Hive metadata?
> >
> > Hi Echo,
> >
> > I dont think there is any to prevent this. I had the same concern in
> hbase, but found out that it is assumed that user using the system are very
> much aware of it.  I am into hive from last 3 months, was looking for some
> kind of way here, but no luck till now..
> >
> > Thanks
> > Biswa
> >
> > On 23 Nov 2013 01:06, "Echo Li" <[EMAIL PROTECTED]<mailto:
> [EMAIL PROTECTED]>> wrote:
> > Good Friday!
> >
> > I was trying to apply certain level of security in our hive data
> warehouse, by modifying access mode of directories and files on hdfs to 755
> I think it's good enough for a new user to remove data, however the user
> still can drop the table definition in hive cli, seems the "revoke" doesn't
> help much, is there any way to prevent this?
> >
> >
> > Thanks,
> > Echo
> >
> > _____________________________________________________________
> > The information contained in this communication is intended solely for
> the use of the individual or entity to whom it is addressed and others
> authorized to receive it. It may contain confidential or legally privileged
> information. If you are not the intended recipient you are hereby notified
> that any disclosure, copying, distribution or taking any action in reliance
> on the contents of this information is strictly prohibited and may be
> unlawful. If you have received this communication in error, please notify
> us immediately by responding to this email and then delete it from your
> system. The firm is neither liable for the proper and complete transmission
> of the information contained in this communication nor for any delay in its
> receipt.
>
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
>
+
Echo Li 2013-11-22, 23:06
+
Xiu Guo 2013-11-22, 23:11
+
Shreepadma Venugopalan 2013-11-23, 00:25
+
Sanjay Subramanian 2013-12-01, 06:00
+
Nitin Pawar 2013-11-22, 20:04
+
Jov 2013-12-01, 06:41