[
https://issues.apache.org/jira/browse/RANGER-738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15033249#comment-15033249
]
Alok Lal commented on RANGER-738:
---------------------------------
Looks like hive could tell which tables columns are going to acted upon by
TRANSFORM. So we might be able to restrict this at Table level, i.e. we may
not have to make it wide open for a user, i.e. all databases/all tables. Is it?
> Server-wide control over TRANSFORM clause in Hive
> -------------------------------------------------
>
> Key: RANGER-738
> URL: https://issues.apache.org/jira/browse/RANGER-738
> Project: Ranger
> Issue Type: New Feature
> Components: plugins
> Reporter: Scott C Gray
> Labels: features, security
>
> The TRANSFORM statement in Hive is a big security hole with Hive run without
> impersonation, so when SQL Standard Authorization is enabled, the feature id
> completely disabled which is a bit of a sledgehammer approach to securing
> this statement.
> Sentry added support for restricting this statement at a per-user/group
> level, which should be adopted by Ranger.
> https://issues.apache.org/jira/browse/SENTRY-598
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
