[
https://issues.apache.org/jira/browse/AMBARI-5289?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dmytro Sen resolved AMBARI-5289.
--------------------------------
Resolution: Fixed
Committed to trunk
> HiveServer2 default security configuration changes
> --------------------------------------------------
>
> Key: AMBARI-5289
> URL: https://issues.apache.org/jira/browse/AMBARI-5289
> Project: Ambari
> Issue Type: Bug
> Components: controller
> Affects Versions: 1.5.0
> Reporter: Dmytro Sen
> Assignee: Dmytro Sen
> Fix For: 1.5.1
>
>
> 1.
> For hive server2 startup commandline option, ambari should specify the
> following configuration values:
> -hiveconf
> hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
> -hiveconf hive.security.authorization.enabled=true
> -hiveconf
> hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator.
> 2.
> Ambari has been specifying the config hive.metastore.uris="" . It would be
> better to stop specifying this. With changes in hive security, there is some
> overhead of using embedded metastore from hive-server2.
> 3.
> There is a new config parameter "hive.users.in.admin.role" that is important
> to security. If user is specified as value of this config, that user has
> superuser privileges (meant for a user playing the DBA role).
> This should be set in hive-site.xml (used by metastore server). If it's set a
> default admin for any other service we can do the same here.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
