[
https://issues.apache.org/jira/browse/HIVE-3807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13778539#comment-13778539
]
Kai Zheng commented on HIVE-3807:
---------------------------------
Sorry for delay on this. I agree the proper way would be providing help scripts
to regrant as you suggested. I did take time investigating on this and found we
might need to come up scripts accordingly for mysql, oracle and so on.I didn't
have such environments, so if anyone would take this please go ahead. Thanks.
> Hive authorization should use short username when Kerberos authentication
> -------------------------------------------------------------------------
>
> Key: HIVE-3807
> URL: https://issues.apache.org/jira/browse/HIVE-3807
> Project: Hive
> Issue Type: Improvement
> Components: Authorization
> Affects Versions: 0.9.0, 0.10.0
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Attachments: HIVE-3807.patch
>
>
> Currently when authentication method is Kerberos,Hive authorization uses user
> full name as privilege principal, for example, it uses j...@example.com
> instead of john.
> It should use the short name instead. The benefits:
> 1. Be consistent. Hadoop, HBase and etc they all use short name in related
> ACLs or authorizations. For Hive authorization works well with them, this
> should be.
> 2. Be convenient. It's very inconvenient to use the lengthy Kerberos
> principal name when grant or revoke privileges via Hive CLI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
