ranger-dev mailing list archives

From "Alok Lal (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-738) Server-wide control over TRANSFORM clause in Hive
Date Tue, 01 Dec 2015 07:20:10 GMT

    [ https://issues.apache.org/jira/browse/RANGER-738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15033249#comment-15033249 ]

Alok Lal commented on RANGER-738:
---------------------------------

Looks like Hive could tell which tables columns are going to be acted upon by TRANSFORM.  So
we might be able to restrict this at Table level, i.e. we may not have to make it wide open
for a user, i.e. all databases/all tables.  Is it?

> Server-wide control over TRANSFORM clause in Hive
> -------------------------------------------------
>
>                 Key: RANGER-738
>                 URL: https://issues.apache.org/jira/browse/RANGER-738
>             Project: Ranger
>          Issue Type: New Feature
>          Components: plugins
>            Reporter: Scott C Gray
>              Labels: features, security
>
> The TRANSFORM statement in Hive is a big security hole with Hive run without impersonation,
> so when SQL Standard Authorization is enabled, the feature is completely disabled which is
> a bit of a sledgehammer approach to securing this statement.
> Sentry added support for restricting this statement at a per-user/group level, which
> should be adopted by Ranger.
> https://issues.apache.org/jira/browse/SENTRY-598



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
