[
https://issues.apache.org/jira/browse/HCATALOG-245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13202764#comment-13202764
]
Alan Gates commented on HCATALOG-245:
-------------------------------------
bq. However, most of the privileges in HiveOperation are not sufficient, and
the fact that dbs, tables and partitions can specify custom locations means
that we cannot use pure Hive's enforcement of auth provider implementation.
I don't follow. You are saying that we still need to do the checks in
HCatSemanticAnalyzer and cannot simply rely on Hive's checks, correct? Hence
your patch has HCatSemanticAnalyzer still doing many checks. But this means
HCat security is not simply a different implementation of Hive security, which
was one of the goals here. What information is missing?
HiveAuthorizationProvider.authorize is passed the database or table object,
which includes the location information.
> StorageHandler authorization providers
> ---------------------------------------
>
> Key: HCATALOG-245
> URL: https://issues.apache.org/jira/browse/HCATALOG-245
> Project: HCatalog
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
> Attachments: hcat-auth_v1.patch
>
>
> As per the design in the parent issue, we will delegate the authorization
> checks to the storage handler (hdfs is considered as a storage handler as
> well). This jira will introduce HiveAuthorizationProviders for hbase + hdfs.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
