[
https://issues.apache.org/jira/browse/SENTRY-535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14218959#comment-14218959
]
Dapeng Sun commented on SENTRY-535:
-----------------------------------
Hi Lenni, thank you for your comments.
Yes, it seems that if a user doesn't have permission to access the files of the table,
he may not be able to access any column of the table.
The problem is that a malicious user may bypass HIVE and SENTRY and use an HDFS
client to access the files directly. I don't think we can solve it on the SENTRY
side. Maybe there are two ways to solve the problem.
One is to disable the feature "queries run as the end user"; it may not be very
suitable for SENTRY-432 (Synchronization of HDFS permissions with Sentry
permissions).
{noformat}
<property>
<name>hive.server2.enable.doAs</name>
<value>false</value>
</property>
{noformat}
Another is column-level encryption: HIVE-6329, HIVE-7934. These features will
help to do the column-level restriction.
> Optimize to reduce the call number of permsUpdate
> --------------------------------------------------
>
> Key: SENTRY-535
> URL: https://issues.apache.org/jira/browse/SENTRY-535
> Project: Sentry
> Issue Type: Improvement
> Reporter: Dapeng Sun
> Priority: Minor
>
> As per the discussion in SENTRY-529, the {{SentryHDFSPlugin}} should not really
> care about the column privileges. It should pick only the table-level
> privileges and send them to the permsUpdate.