[
https://issues.apache.org/jira/browse/RANGER-738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15034232#comment-15034232
]
Scott C Gray commented on RANGER-738:
-------------------------------------
One of the problems you'll run into is this:
FROM (
FROM src
SELECT TRANSFORM(src.key, src.value) ROW FORMAT SERDE
'org.apache.hadoop.hive.contrib.serde2.TypedBytesSerDe'
USING '/bin/cat'
AS (tkey, tvalue) ROW FORMAT SERDE
'org.apache.hadoop.hive.contrib.serde2.TypedBytesSerDe'
RECORDREADER
'org.apache.hadoop.hive.contrib.util.typedbytes.TypedBytesRecordReader'
) tmap
INSERT OVERWRITE TABLE dest1 SELECT tkey, tvalue
in this case the script is the source of data so there is no table to validate
against (unless you want to count the target table?)
> Server-wide control over TRANSFORM clause in Hive
> -------------------------------------------------
>
> Key: RANGER-738
> URL: https://issues.apache.org/jira/browse/RANGER-738
> Project: Ranger
> Issue Type: New Feature
> Components: plugins
> Reporter: Scott C Gray
> Labels: features, security
>
> The TRANSFORM statement in Hive is a big security hole with Hive run without
> impersonation, so when SQL Standard Authorization is enabled, the feature id
> completely disabled which is a bit of a sledgehammer approach to securing
> this statement.
> Sentry added support for restricting this statement at a per-user/group
> level, which should be adopted by Ranger.
> https://issues.apache.org/jira/browse/SENTRY-598
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
