Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
Hive, mail # user - "hive   -h <hostname>" option bypasses ROLES and access permissions ?


Copy link to this message
-
"hive   -h <hostname>" option bypasses ROLES and access permissions ?
Sanjay Subramanian 2013-08-12, 23:48
Hi

Hive version 0.9.0 (hive-common-0.9.0-cdh4.1.2.jar)
<property>
  <name>hive.security.authorization.enabled</name>
  <value>true</value>
  <description>enable or disable the hive client authorization</description>
</property>

Linux User = hiveuser1 (no hive permissions)

CASE 1
hive -e "select * from outpdir_ptitle_explanation_parsed limit 10"
Authorization failed:No privilege 'Select' found for inputs { database:default, table:outpdir_ptitle_explanation_parsed, columnName:header_servername}. Use show grant to get more details.

CASE 2 (use the -h option)
hive -h localhost -e "select * from outpdir_ptitle_explanation_parsed limit 10"
Shows results !!!

Why does "-h" option bypass authorization

Thanks

sanjay
CONFIDENTIALITY NOTICE
=====================This email message and any attachments are for the exclusive use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message along with any attachments, from your computer system. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.

CONFIDENTIALITY NOTICE
=====================This email message and any attachments are for the exclusive use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message along with any attachments, from your computer system. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.

CONFIDENTIALITY NOTICE
=====================This email message and any attachments are for the exclusive use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message along with any attachments, from your computer system. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.