Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hive, mail # user - How to prevent user drop table in Hive metadata?


Copy link to this message
-
Re: How to prevent user drop table in Hive metadata?
Echo Li 2013-11-22, 23:06
Thanks all, that's all very helpful information.

Shreepadma, when will the Apache Sentry come GA?
On Fri, Nov 22, 2013 at 2:36 PM, Shreepadma Venugopalan <
[EMAIL PROTECTED]> wrote:

> Apache Sentry (incubating) provides fine-grained role-based authorization
> for Hive among other components of the Hadoop ecosystem. It currently
> supports fully secure, fine-grained, role-based authorization for Hive and
> can be used to prevent the scenario described earlier i.e., prevent a user
> from dropping a table the user shouldn't be allowed to drop.
>
> Shreepadma
>
>
> On Fri, Nov 22, 2013 at 12:55 PM, <[EMAIL PROTECTED]> wrote:
>
>> Thanks Alan - I'll fwd the spec in the Jira to some of our security and
>> integrity people for comment.
>>
>> Simon
>> ----
>> Dr. Simon Thompson
>>
>> ________________________________________
>> From: Alan Gates [[EMAIL PROTECTED]]
>> Sent: 22 November 2013 20:53
>> To: [EMAIL PROTECTED]
>> Subject: Re: How to prevent user drop table in Hive metadata?
>>
>> See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA
>> addressing this.
>>
>> Also, you can use the StorageBasedAuthorizationProvider in Hive, which
>> bases metadata security on file security.  So if the user doesn't have
>> permissions to remove the directory that stores the table data, they won't
>> have permissions to drop the table.  This isn't perfect, but it's a start.
>>
>> Alan.
>>
>> On Nov 22, 2013, at 11:49 AM, <[EMAIL PROTECTED]> <
>> [EMAIL PROTECTED]> wrote:
>>
>> > Has no one raised a Jira ticket ?
>> >
>> > ----
>> > Dr. Simon Thompson
>> >
>> > ________________________________________
>> > From: Biswajit Nayak [[EMAIL PROTECTED]]
>> > Sent: 22 November 2013 19:45
>> > To: [EMAIL PROTECTED]
>> > Subject: Re: How to prevent user drop table in Hive metadata?
>> >
>> > Hi Echo,
>> >
>> > I dont think there is any to prevent this. I had the same concern in
>> hbase, but found out that it is assumed that user using the system are very
>> much aware of it.  I am into hive from last 3 months, was looking for some
>> kind of way here, but no luck till now..
>> >
>> > Thanks
>> > Biswa
>> >
>> > On 23 Nov 2013 01:06, "Echo Li" <[EMAIL PROTECTED]<mailto:
>> [EMAIL PROTECTED]>> wrote:
>> > Good Friday!
>> >
>> > I was trying to apply certain level of security in our hive data
>> warehouse, by modifying access mode of directories and files on hdfs to 755
>> I think it's good enough for a new user to remove data, however the user
>> still can drop the table definition in hive cli, seems the "revoke" doesn't
>> help much, is there any way to prevent this?
>> >
>> >
>> > Thanks,
>> > Echo
>> >
>> > _____________________________________________________________
>> > The information contained in this communication is intended solely for
>> the use of the individual or entity to whom it is addressed and others
>> authorized to receive it. It may contain confidential or legally privileged
>> information. If you are not the intended recipient you are hereby notified
>> that any disclosure, copying, distribution or taking any action in reliance
>> on the contents of this information is strictly prohibited and may be
>> unlawful. If you have received this communication in error, please notify
>> us immediately by responding to this email and then delete it from your
>> system. The firm is neither liable for the proper and complete transmission
>> of the information contained in this communication nor for any delay in its
>> receipt.
>>
>>
>> --
>> CONFIDENTIALITY NOTICE
>> NOTICE: This message is intended for the use of the individual or entity
>> to
>> which it is addressed and may contain information that is confidential,
>> privileged and exempt from disclosure under applicable law. If the reader
>> of this message is not the intended recipient, you are hereby notified
>> that
>> any printing, copying, dissemination, distribution, disclosure or
>> forwarding of this communication is strictly prohibited. If you have