[
https://issues.apache.org/jira/browse/SQOOP-3018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15590043#comment-15590043
]
Abraham Fine commented on SQOOP-3018:
-------------------------------------
[~daryn], with Sqoop 2 we want to be able to support as wide a set of
datastores with as few assumptions about their security capabilities as
possible, so relying on the DBA to updates grants would not work here.
While it is true that custom connectors can be used, the user would need file
system access on the server to add connectors and other jars (wouldn't it be
"game over" anyway), so I do not believe that presents an additional security
risk. I may be forgetting something though, please share any functionality that
you feel contradicts this claim.
> Hadoop MapReduce job submission be done in client user UGI?
> -----------------------------------------------------------
>
> Key: SQOOP-3018
> URL: https://issues.apache.org/jira/browse/SQOOP-3018
> Project: Sqoop
> Issue Type: New Feature
> Components: connectors/hdfs
> Affects Versions: 1.99.7
> Reporter: Yan Braun
> Attachments: SQOOP-3018.patch
>
>
> Hdfs Connector read and write to HDFS in client user UGI when proxyUser is
> enabled. But MapReduce job submission is done using Sqoop user UGI, which
> makes all jobs from different users run in Sqoop user's hadoop queue instead
> of client users' own queue.
> This is a follow-up JIRA after our discussions with Abraham Fine on whether
> this will be on sqoop2 road map in the near future. Thanks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
