Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
Hive >> mail # user >> How to prevent user drop table in Hive metadata?


+
Echo Li 2013-11-22, 19:36
+
Richard Nadeau 2013-11-22, 20:39
+
Biswajit Nayak 2013-11-22, 19:45
+
simon.2.thompson@... 2013-11-22, 19:49
+
Biswajit Nayak 2013-11-22, 19:51
+
Alan Gates 2013-11-22, 20:53
+
simon.2.thompson@... 2013-11-22, 20:55
+
Shreepadma Venugopalan 2013-11-22, 22:36
+
Echo Li 2013-11-22, 23:06
+
Xiu Guo 2013-11-22, 23:11
+
Shreepadma Venugopalan 2013-11-23, 00:25
Copy link to this message
-
Re: How to prevent user drop table in Hive metadata?
Cloudera Sentry is awesome and I have implemented this in Cloudera manager 4.7.2 CDH 4.4.0. Thanks again to shreepadma for all answers to my questions on the CDH users group. I can provide guidance on Sentry configs if needed.

Sent from my iPhone

> On Nov 22, 2013, at 4:25 PM, Shreepadma Venugopalan <[EMAIL PROTECTED]> wrote:
>
> Apache Sentry is already available and made its first incubating release a couple of months back.
>
>
>> On Fri, Nov 22, 2013 at 3:06 PM, Echo Li <[EMAIL PROTECTED]> wrote:
>> Thanks all, that's all very helpful information.
>>
>> Shreepadma, when will the Apache Sentry come GA?
>>
>>
>>> On Fri, Nov 22, 2013 at 2:36 PM, Shreepadma Venugopalan <[EMAIL PROTECTED]> wrote:
>>> Apache Sentry (incubating) provides fine-grained role-based authorization for Hive among other components of the Hadoop ecosystem. It currently supports fully secure, fine-grained, role-based authorization for Hive and can be used to prevent the scenario described earlier i.e., prevent a user from dropping a table the user shouldn't be allowed to drop.
>>>
>>> Shreepadma
>>>
>>>
>>>> On Fri, Nov 22, 2013 at 12:55 PM, <[EMAIL PROTECTED]> wrote:
>>>> Thanks Alan - I'll fwd the spec in the Jira to some of our security and integrity people for comment.
>>>>
>>>> Simon
>>>> ----
>>>> Dr. Simon Thompson
>>>>
>>>> ________________________________________
>>>> From: Alan Gates [[EMAIL PROTECTED]]
>>>> Sent: 22 November 2013 20:53
>>>> To: [EMAIL PROTECTED]
>>>> Subject: Re: How to prevent user drop table in Hive metadata?
>>>>
>>>> See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA addressing this.
>>>>
>>>> Also, you can use the StorageBasedAuthorizationProvider in Hive, which bases metadata security on file security.  So if the user doesn't have permissions to remove the directory that stores the table data, they won't have permissions to drop the table.  This isn't perfect, but it's a start.
>>>>
>>>> Alan.
>>>>
>>>> On Nov 22, 2013, at 11:49 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:
>>>>
>>>> > Has no one raised a Jira ticket ?
>>>> >
>>>> > ----
>>>> > Dr. Simon Thompson
>>>> >
>>>> > ________________________________________
>>>> > From: Biswajit Nayak [[EMAIL PROTECTED]]
>>>> > Sent: 22 November 2013 19:45
>>>> > To: [EMAIL PROTECTED]
>>>> > Subject: Re: How to prevent user drop table in Hive metadata?
>>>> >
>>>> > Hi Echo,
>>>> >
>>>> > I dont think there is any to prevent this. I had the same concern in hbase, but found out that it is assumed that user using the system are very much aware of it.  I am into hive from last 3 months, was looking for some kind of way here, but no luck till now..
>>>> >
>>>> > Thanks
>>>> > Biswa
>>>> >
>>>> > On 23 Nov 2013 01:06, "Echo Li" <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote:
>>>> > Good Friday!
>>>> >
>>>> > I was trying to apply certain level of security in our hive data warehouse, by modifying access mode of directories and files on hdfs to 755 I think it's good enough for a new user to remove data, however the user still can drop the table definition in hive cli, seems the "revoke" doesn't help much, is there any way to prevent this?
>>>> >
>>>> >
>>>> > Thanks,
>>>> > Echo
>>>> >
>>>> > _____________________________________________________________
>>>> > The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. The firm is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
+
Nitin Pawar 2013-11-22, 20:04
+
Jov 2013-12-01, 06:41