[jira] [Commented] (RANGER-768) Hive Metastore Plugin

Thu, 08 Dec 2016 14:54:25 -0800 

    [ 
https://issues.apache.org/jira/browse/RANGER-768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15733643#comment-15733643
 ] 

Yan commented on RANGER-768:
----------------------------

I created a subtask for the first phase of this project: 
https://issues.apache.org/jira/browse/RANGER-1247. As discussed, the initial 
phase does not have the "resource sync" functionality which looks more complex 
and will need more in-depth thoughts on design and implementation. 

Sorry for the extended delay in moving this jira forward. I have been focusing 
on internal releases.

> Hive Metastore Plugin
> ---------------------
>
>                 Key: RANGER-768
>                 URL: https://issues.apache.org/jira/browse/RANGER-768
>             Project: Ranger
>          Issue Type: New Feature
>          Components: admin, plugins
>            Reporter: Yan
>         Attachments: Design Proposal for Hive Metastore Plugin of Ranger - 
> V1.2.docx, Design Proposal for Hive Metastore Plugin of Ranger - V1.3.docx, 
> Design Proposal for Hive Metastore Plugin of Ranger - V1.4.docx, Design 
> Proposal for Hive Metastore Plugin of Ranger.docx, Design Proposal for Hive 
> Metastore Plugin of Ranger.docx
>
>
> Currently there is no Ranger processing of Hive table meta store events that 
> could result in privilege modifications. One example is that when a table is 
> renamed by a Hive Server 2 client (the "beeline"), no proper privilege 
> adjustments in Ranger are made to allow/deny previously allowed/denied users 
> the same privileges as before. In addition, more advanced features, such as 
> granting/denying similar accesses to Hive's HDFS data to users that have (or 
> do not have) privileges in the Hive, would require that detailed metadata of 
> the Hive table, the storage info to be specific, be available to Ranger in 
> order to make the corresponding HDFS  data accessible to the Hive users 
> directly.
> This plugin will depend upon the existing Ranger Hive plugin, so it shares 
> the same "service" name as the associated Ranger Hive service deployed, and 
> it will be "co-enabled" with the existing Ranger Hive plugin.
> Design doc will come soon.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to