Echo Li 2013-11-22, 19:36
Richard Nadeau 2013-11-22, 20:39
Biswajit Nayak 2013-11-22, 19:45
simon.2.thompson@... 2013-11-22, 19:49
Biswajit Nayak 2013-11-22, 19:51
Alan Gates 2013-11-22, 20:53
simon.2.thompson@... 2013-11-22, 20:55
Shreepadma Venugopalan 2013-11-22, 22:36
-Re: How to prevent user drop table in Hive metadata?
Echo Li 2013-11-22, 23:06
Thanks all, that's all very helpful information.
Shreepadma, when will the Apache Sentry come GA?
On Fri, Nov 22, 2013 at 2:36 PM, Shreepadma Venugopalan <
[EMAIL PROTECTED]> wrote:
> Apache Sentry (incubating) provides fine-grained role-based authorization
> for Hive among other components of the Hadoop ecosystem. It currently
> supports fully secure, fine-grained, role-based authorization for Hive and
> can be used to prevent the scenario described earlier i.e., prevent a user
> from dropping a table the user shouldn't be allowed to drop.
> On Fri, Nov 22, 2013 at 12:55 PM, <[EMAIL PROTECTED]> wrote:
>> Thanks Alan - I'll fwd the spec in the Jira to some of our security and
>> integrity people for comment.
>> Dr. Simon Thompson
>> From: Alan Gates [[EMAIL PROTECTED]]
>> Sent: 22 November 2013 20:53
>> To: [EMAIL PROTECTED]
>> Subject: Re: How to prevent user drop table in Hive metadata?
>> See https://issues.apache.org/jira/browse/HIVE-5837 for a JIRA
>> addressing this.
>> Also, you can use the StorageBasedAuthorizationProvider in Hive, which
>> bases metadata security on file security. So if the user doesn't have
>> permissions to remove the directory that stores the table data, they won't
>> have permissions to drop the table. This isn't perfect, but it's a start.
>> On Nov 22, 2013, at 11:49 AM, <[EMAIL PROTECTED]> <
>> [EMAIL PROTECTED]> wrote:
>> > Has no one raised a Jira ticket ?
>> > ----
>> > Dr. Simon Thompson
>> > ________________________________________
>> > From: Biswajit Nayak [[EMAIL PROTECTED]]
>> > Sent: 22 November 2013 19:45
>> > To: [EMAIL PROTECTED]
>> > Subject: Re: How to prevent user drop table in Hive metadata?
>> > Hi Echo,
>> > I dont think there is any to prevent this. I had the same concern in
>> hbase, but found out that it is assumed that user using the system are very
>> much aware of it. I am into hive from last 3 months, was looking for some
>> kind of way here, but no luck till now..
>> > Thanks
>> > Biswa
>> > On 23 Nov 2013 01:06, "Echo Li" <[EMAIL PROTECTED]<mailto:
>> [EMAIL PROTECTED]>> wrote:
>> > Good Friday!
>> > I was trying to apply certain level of security in our hive data
>> warehouse, by modifying access mode of directories and files on hdfs to 755
>> I think it's good enough for a new user to remove data, however the user
>> still can drop the table definition in hive cli, seems the "revoke" doesn't
>> help much, is there any way to prevent this?
>> > Thanks,
>> > Echo
>> > _____________________________________________________________
>> > The information contained in this communication is intended solely for
>> the use of the individual or entity to whom it is addressed and others
>> authorized to receive it. It may contain confidential or legally privileged
>> information. If you are not the intended recipient you are hereby notified
>> that any disclosure, copying, distribution or taking any action in reliance
>> on the contents of this information is strictly prohibited and may be
>> unlawful. If you have received this communication in error, please notify
>> us immediately by responding to this email and then delete it from your
>> system. The firm is neither liable for the proper and complete transmission
>> of the information contained in this communication nor for any delay in its
>> CONFIDENTIALITY NOTICE
>> NOTICE: This message is intended for the use of the individual or entity
>> which it is addressed and may contain information that is confidential,
>> privileged and exempt from disclosure under applicable law. If the reader
>> of this message is not the intended recipient, you are hereby notified
>> any printing, copying, dissemination, distribution, disclosure or
>> forwarding of this communication is strictly prohibited. If you have
Xiu Guo 2013-11-22, 23:11
Shreepadma Venugopalan 2013-11-23, 00:25
Sanjay Subramanian 2013-12-01, 06:00
Nitin Pawar 2013-11-22, 20:04
Jov 2013-12-01, 06:41