Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hive >> mail # user >> regarding hive-1384 HiveServer should run as the user who submitted the query


Copy link to this message
-
regarding hive-1384 HiveServer should run as the user who submitted the query
Hi all,

  

   Idealy,  in hive security, the client user should be transmitted to hdfs
and mr, just like this jira said.

 

   I have some questions on how to implement this, mainly on one sql visit
multiple user's table.  

   For example , t1 belong to user1; t2 belong to user2,  user1 want execute
one sql like: select t1.*,t2.* from t1 join t2 on t1.id = t2.id,  this means
user1 have to visit user2's data in hdfs, so the mr job have to visit two
user's data in hdfs.

  as I know, currently, before submit the job to yarn, jobclient will try to
get the delegation token from hdfs, and add into  Credentials , which can
only maintain one user's token for one service like hdfs. For example:
ha-hdfs,token1(user1).  Then how to add multiple user's token to job's
credentials?

 

  another point is: in this job, different map require using different
user's token to communicate with hdfs, right? Seems, this point also cann't
support by current hadoop security mechanism.

 

  Anyone can give ideas on this?  I will be very appreciate.

 

  

  

Regards

Wwli

NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB