[
https://issues.apache.org/jira/browse/HIVE-5837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13851079#comment-13851079
]
Brock Noland commented on HIVE-5837:
------------------------------------
bq. Should we make one of the sql standard privileges available on SERVER
object?
Privileges on the SERVER object can make sense but I feel the more important
aspect is to ensure privileges are scoped to a SERVER for the reason I will
outline below.
bq. Brock, could you give more details on the SERVER use case? I've seen people
use multiple instances of HS2 for HA/scaling, but never allocating some users
to some instances and others to others. What's the motivation for that?
It's a very similar use case to federation. Enterprises often want to isolate
groups of users from using the same resource. The scenario is you have group A
and group B and they cannot or do not want to share the same HS2. By having
server in the hierarchy you can enforce the separation amongst HS2 instances.
> SQL standard based secure authorization for hive
> ------------------------------------------------
>
> Key: HIVE-5837
> URL: https://issues.apache.org/jira/browse/HIVE-5837
> Project: Hive
> Issue Type: New Feature
> Components: Authorization
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Attachments: SQL standard authorization hive.pdf
>
>
> The current default authorization is incomplete and not secure. The
> alternative of storage based authorization provides security but does not
> provide fine grained authorization.
> The proposal is to support secure fine grained authorization in hive using
> SQL standard based authorization model.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
