[
https://issues.apache.org/jira/browse/HIVE-9143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303831#comment-14303831
]
Alexander Pivovarov commented on HIVE-9143:
-------------------------------------------
I. STD AUTH. doAs=false
I tested current_user() function for SQL Std auth. See below
1. I configured hive the following way. hive-site.xml
{code}
<property>
<name>hive.server2.enable.doAs</name>
<value>false</value>
</property>
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory</value>
</property>
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.security.authenticator.manager</name>
<value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
</property>
<property>
<name>hive.metastore.uris</name>
<value></value>
</property>
<property>
<name>hive.users.in.admin.role</name>
<value>apivovarov</value>
</property>
{code}
2. I started hiveserver2
3. I connected to hs2 as admin user "apivovarov" (using jdbc client SQL
Workbench/J)
4. I run "set role admin;"
5. I run "select current_user() from dual;". result: apivovarov
6. I have dual table in default db. I run "grant select on dual to role public;"
7. I connected to hs2 as regular user "alex"
8. I run "select current_user() from dual;". result: alex
So, current_user() works for SQL Standard Based Hive Authorization
II. DEFAULT AUTH. doAs = true
Also, I tested running current_user() function via hiveserver2 using default
hive settings (DefaultHiveAuthorization).
The function returned "apivovarov" and "alex" for "apivovarov" and "alex" users
accordingly.
> select user(), current_user()
> -----------------------------
>
> Key: HIVE-9143
> URL: https://issues.apache.org/jira/browse/HIVE-9143
> Project: Hive
> Issue Type: Improvement
> Affects Versions: 0.13.0
> Reporter: Hari Sekhon
> Assignee: Alexander Pivovarov
> Priority: Minor
> Attachments: HIVE-9143.1.patch, HIVE-9143.2.patch, HIVE-9143.3.patch
>
>
> Feature request to add support for determining in HQL session which user I am
> currently connected as - an old MySQL ability:
> {code}mysql> select user(), current_user();
> +----------------+----------------+
> | user() | current_user() |
> +----------------+----------------+
> | root@localhost | root@localhost |
> +----------------+----------------+
> 1 row in set (0.00 sec)
> {code}
> which doesn't seem to have a counterpart in Hive at this time:
> {code}0: jdbc:hive2://<host>:100> select user();
> Error: Error while compiling statement: FAILED: SemanticException Line 0:-1
> Invalid function 'user' (state=42000,code=40000)
> 0: jdbc:hive2://<host>:100> select current_user();
> Error: Error while compiling statement: FAILED: SemanticException [Error
> 10011]: Line 1:7 Invalid function 'current_user'
> (state=42000,code=10011){code}
> Regards,
> Hari Sekhon
> http://www.linkedin.com/in/harisekhon
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
