Hive, mail # user - How to prevent user drop table in Hive metadata?
Re: How to prevent user drop table in Hive metadata?
Shreepadma Venugopalan 2013-11-23, 00:25
Apache Sentry is already available and made its first incubating release a
couple of months back.
On Fri, Nov 22, 2013 at 3:06 PM, Echo Li <[EMAIL PROTECTED]> wrote:

> Thanks all, that's all very helpful information.
>
> Shreepadma, when will the Apache Sentry come GA?
>
>
> On Fri, Nov 22, 2013 at 2:36 PM, Shreepadma Venugopalan <
> [EMAIL PROTECTED]> wrote:
>
>> Apache Sentry (incubating) provides fine-grained role-based authorization
>> for Hive among other components of the Hadoop ecosystem. It currently
>> supports fully secure, fine-grained, role-based authorization for Hive and
>> can be used to prevent the scenario described earlier i.e., prevent a user
>> from dropping a table the user shouldn't be allowed to drop.
>>
>> Shreepadma
>>
>>
>> On Fri, Nov 22, 2013 at 12:55 PM, <[EMAIL PROTECTED]> wrote:
>>
>>> Thanks Alan - I'll fwd the spec in the Jira to some of our security and
>>> integrity people for comment.
>>>
>>> Simon
>>> ----
>>> Dr. Simon Thompson
>>>
>>> ________________________________________
>>> From: Alan Gates [[EMAIL PROTECTED]]
>>> Sent: 22 November 2013 20:53
>>> To: [EMAIL PROTECTED]
>>> Subject: Re: How to prevent user drop table in Hive metadata?
>>>
>>> See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA
>>> addressing this.
>>>
>>> Also, you can use the StorageBasedAuthorizationProvider in Hive, which
>>> bases metadata security on file security.  So if the user doesn't have
>>> permissions to remove the directory that stores the table data, they won't
>>> have permissions to drop the table.  This isn't perfect, but it's a start.
>>>
>>> Alan.
>>>
>>> On Nov 22, 2013, at 11:49 AM, <[EMAIL PROTECTED]> <
>>> [EMAIL PROTECTED]> wrote:
>>>
>>> > Has no one raised a Jira ticket ?
>>> >
>>> > ----
>>> > Dr. Simon Thompson
>>> >
>>> > ________________________________________
>>> > From: Biswajit Nayak [[EMAIL PROTECTED]]
>>> > Sent: 22 November 2013 19:45
>>> > To: [EMAIL PROTECTED]
>>> > Subject: Re: How to prevent user drop table in Hive metadata?
>>> >
>>> > Hi Echo,
>>> >
>>> > I don't think there is any way to prevent this. I had the same concern in
>>> > hbase, but found out that it is assumed that user using the system are very
>>> > much aware of it.  I am into hive from last 3 months, was looking for some
>>> > kind of way here, but no luck till now..
>>> >
>>> > Thanks
>>> > Biswa
>>> >
>>> > On 23 Nov 2013 01:06, "Echo Li" <[EMAIL PROTECTED]> wrote:
>>> > Good Friday!
>>> >
>>> > I was trying to apply certain level of security in our hive data
>>> > warehouse, by modifying access mode of directories and files on hdfs to 755
>>> > I think it's good enough for a new user to remove data, however the user
>>> > still can drop the table definition in hive cli, seems the "revoke" doesn't
>>> > help much, is there any way to prevent this?
>>> >
>>> >
>>> > Thanks,
>>> > Echo
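Added example, not part of the thread: a small audit check for the StorageBasedAuthorizationProvider setup Alan Gates mentions, reporting whether a metastore hive-site.xml actually enables it. The property and class names are taken from Hive's documentation on metastore-side storage-based authorization rather than from this thread; the two XML samples are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Property and class names as documented by Hive for metastore-side
# storage-based authorization (assumption: not quoted in the thread itself).
REQUIRED = {
    "hive.metastore.pre.event.listeners":
        "org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener",
    "hive.security.metastore.authorization.manager":
        "org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider",
}

# Constructed sample: metastore config with the storage-based provider enabled.
SAMPLE_ENABLED = """<configuration>
  <property>
    <name>hive.metastore.pre.event.listeners</name>
    <value>org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener</value>
  </property>
  <property>
    <name>hive.security.metastore.authorization.manager</name>
    <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
  </property>
</configuration>"""

# Constructed sample: only the client-side authorization switch is set.
SAMPLE_CLIENT_ONLY = """<configuration>
  <property>
    <name>hive.security.authorization.enabled</name>
    <value>true</value>
  </property>
</configuration>"""

def load_properties(xml_text):
    """Return {name: value} from Hadoop-style <property> elements."""
    root = ET.fromstring(xml_text)
    props = {}
    for prop in root.iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def missing_storage_based_settings(xml_text):
    """List required properties that are absent or lack the expected class."""
    props = load_properties(xml_text)
    # Values may be comma-separated lists of class names.
    return [name for name, cls in REQUIRED.items()
            if cls not in [v.strip() for v in props.get(name, "").split(",")]]
```

An empty list means both settings are present; with them in place, whether a DROP TABLE succeeds follows the file permissions on the table's directory, as described in the reply above.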