Regarding HIVE-1384: HiveServer should run as the user who submitted the query
Ideally, in Hive security, the client user should be transmitted to HDFS
and MR, just like this JIRA said.
I have some questions on how to implement this, mainly on one SQL statement visiting
multiple users' tables.
For example, t1 belongs to user1 and t2 belongs to user2. user1 wants to execute
one SQL statement like: select t1.*,t2.* from t1 join t2 on t1.id = t2.id. This means
user1 has to visit user2's data in HDFS, so the MR job has to visit two
users' data in HDFS.
As far as I know, currently, before submitting the job to YARN, the JobClient will try to
get the delegation token from HDFS and add it into Credentials, which can
only maintain one user's token for one service like HDFS. For example:
ha-hdfs,token1(user1). Then how to add multiple users' tokens to the job's
Another point is: in this job, different maps require using different
users' tokens to communicate with HDFS, right? It seems this point also cannot be
supported by the current Hadoop security mechanism.
Can anyone give ideas on this? I would be very appreciative.
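
The Credentials behaviour the post refers to, as an added example (not code from the original post or from the Hadoop or Hive projects): tokens are stored by alias, so a second token added under the same alias replaces the first. It assumes hadoop-common is on the classpath; the sample tokens and the `service#user` alias scheme are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;

public class CredentialsAliasDemo {
    // Service name as written in the post; kind is the HDFS delegation token kind.
    static final Text SERVICE = new Text("ha-hdfs");
    static final Text KIND = new Text("HDFS_DELEGATION_TOKEN");

    // Constructed placeholder token: the identifier bytes hold only the owner
    // name, not a real serialized delegation token identifier.
    static Token<TokenIdentifier> sampleToken(String owner) {
        return new Token<>(owner.getBytes(StandardCharsets.UTF_8), new byte[0], KIND, SERVICE);
    }

    static String owner(Token<? extends TokenIdentifier> t) {
        return new String(t.getIdentifier(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Case 1: both tokens stored under the service name as alias.
        Credentials byService = new Credentials();
        byService.addToken(SERVICE, sampleToken("user1"));
        byService.addToken(SERVICE, sampleToken("user2")); // same key: replaces user1's entry
        System.out.println("alias = service: " + byService.numberOfTokens()
                + " token, owner " + owner(byService.getToken(SERVICE)));

        // Case 2: hypothetical per-user aliases keep both entries in the container.
        Credentials byUser = new Credentials();
        for (String u : new String[] {"user1", "user2"}) {
            byUser.addToken(new Text(SERVICE + "#" + u), sampleToken(u));
        }
        System.out.println("alias = service#user: " + byUser.numberOfTokens() + " tokens");
        // Both tokens carry the same kind and service; only the alias and the
        // owner inside the identifier differ.
        for (Token<? extends TokenIdentifier> t : byUser.getAllTokens()) {
            System.out.println("  owner=" + owner(t) + " kind=" + t.getKind()
                    + " service=" + t.getService());
        }
    }
}
```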