hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleksiy Sayankin (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-20457) Create authorization mechanism for granting/revoking privileges to change Hive properties
Date Fri, 24 Aug 2018 10:18:00 GMT

     [ https://issues.apache.org/jira/browse/HIVE-20457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oleksiy Sayankin updated HIVE-20457:
------------------------------------
    Description: At the moment any user in Hive can change any property of Hive. So he can
set {{hive.exec.pre.hooks}} to hook that implements dangerous code. It would be nice to create
roles and assign list of properties that particular role is able to modify. For example, {{admin}}
role has permissions to change any property, and {{hive_client}} can change only {{hive.txn.timeout}}.

> Create authorization mechanism for granting/revoking privileges to change Hive properties
> -----------------------------------------------------------------------------------------
>
>                 Key: HIVE-20457
>                 URL: https://issues.apache.org/jira/browse/HIVE-20457
>             Project: Hive
>          Issue Type: Improvement
>          Components: Security
>            Reporter: Oleksiy Sayankin
>            Assignee: Oleksiy Sayankin
>            Priority: Critical
>              Labels: authorization
>
> At the moment any user in Hive can change any property of Hive. So he can set {{hive.exec.pre.hooks}}
to hook that implements dangerous code. It would be nice to create roles and assign list of
properties that particular role is able to modify. For example, {{admin}} role has permissions
to change any property, and {{hive_client}} can change only {{hive.txn.timeout}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message