ranger-dev mailing list archives

From "Don Bosco Durai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-738) Server-wide control over TRANFORM clause in Hive
Date Mon, 23 Nov 2015 18:34:11 GMT

    [ https://issues.apache.org/jira/browse/RANGER-738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15022678#comment-15022678 ]

Don Bosco Durai commented on RANGER-738:
----------------------------------------

Thanks for the link.  I do like your suggestion that we can provide explicit permission
for TRANSFORM. But it seems TRANSFORM can cause havoc in a doAs false scenario. We have to
be very careful, because it could be misused.

Let me also check with the Hive team whether they can sandbox the TRANSFORM call to a separate
class loader and run everything as a proxy for the end user (similar to doAs=true, but only
for this code base) and also, if possible, run it as a separate process as the end user. The
second might be very difficult.



> Server-wide control over TRANFORM clause in Hive
> ------------------------------------------------
>
>                 Key: RANGER-738
>                 URL: https://issues.apache.org/jira/browse/RANGER-738
>             Project: Ranger
>          Issue Type: New Feature
>          Components: plugins
>            Reporter: Scott C Gray
>              Labels: features, security
>
> The TRANSFORM statement in Hive is a big security hole when Hive is run without impersonation,
> so when SQL Standard Authorization is enabled, the feature is completely disabled, which is
> a bit of a sledgehammer approach to securing this statement.
> Sentry added support for restricting this statement at a per-user/group level, which
> should be adopted by Ranger.
> https://issues.apache.org/jira/browse/SENTRY-598



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
