[ 
https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12682719#action_12682719
 ] 

Edward Capriolo commented on HIVE-78:
-------------------------------------

We also have to look at this on the file system level. For example, files in my 
warehouse are owned by the user who created the table.

{quote}
/user/hive/warehouse/edward      <dir>           2008-10-30 17:13        rwxr-xr-x       edward supergroup
{quote}

Regardless of what permissions are granted in the metastore (via this jira), 
the Hadoop ACL governs what a user can do to that file. 

This is not an issue in MySQL. In a typical MySQL deployment all of the data 
files are owned by a mysql user. 

I do not see a clear-cut solution for this. 

In one scenario we make sure all the files in the warehouse are owned RW to 
all, or owned by a specific user. A component like HiveServer, CLI, or HWI 
would decide if the user action would succeed based on the metadata.

The other option is that an operation like 'GRANT SELECT' would have to 
physically modify the Hadoop ACL/owner. This method will not help us get the 
fine-grained control we desire.
 

> Authentication infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-78
>                 URL: https://issues.apache.org/jira/browse/HIVE-78
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Ashish Thusoo
>            Assignee: Edward Capriolo
>
> Allow hive to integrate with existing user repositories for authentication 
> and authorization information.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
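
The gap the comment describes, between what a metastore grant says and what the file system permits, can be audited mechanically. The following is an added example, not code from the Hive project or from the comment's author: it applies the owner/group/other mode check to the warehouse directory shown in the listing and reports where a set of grants and the directory mode disagree. The grant set, the user names other than `edward`, the `INSERT` privilege and the mapping from privilege to directory bits are assumptions made for illustration; superuser bypass and parent-directory traversal are ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FsEntry:
    path: str
    mode: str    # nine-character mode string, e.g. "rwxr-xr-x"
    owner: str
    group: str

# Assumed mapping: directory bits a privilege needs on the table directory
# (list + traverse to read its files, write + traverse to add files).
NEEDED_BITS = {"SELECT": "rx", "INSERT": "wx"}

def fs_allows(entry, user, groups, bits):
    """Mode check: exactly one class (owner, group or other) is consulted."""
    if user == entry.owner:
        cls = entry.mode[0:3]
    elif entry.group in groups:
        cls = entry.mode[3:6]
    else:
        cls = entry.mode[6:9]
    return all(b in cls for b in bits)

def audit(entry, table, users, grants):
    """Return (user, privilege, finding) wherever grants and mode disagree."""
    findings = []
    for user, groups in sorted(users.items()):
        for priv, bits in sorted(NEEDED_BITS.items()):
            granted = (user, table, priv) in grants
            allowed = fs_allows(entry, user, groups, bits)
            if granted and not allowed:
                findings.append((user, priv, "grant_blocked_by_fs"))
            elif allowed and not granted:
                findings.append((user, priv, "fs_allows_without_grant"))
    return findings

# Directory entry taken from the listing in the comment.
TABLE_DIR = FsEntry("/user/hive/warehouse/edward", "rwxr-xr-x", "edward", "supergroup")
# Constructed sample users (name -> groups) and hypothetical metastore grants.
USERS = {"alice": ["analysts"], "bob": ["analysts"], "edward": ["supergroup"]}
GRANTS = {("alice", "edward", "SELECT"), ("bob", "edward", "INSERT"),
          ("edward", "edward", "SELECT"), ("edward", "edward", "INSERT")}

if __name__ == "__main__":
    for finding in audit(TABLE_DIR, "edward", USERS, GRANTS):
        print(finding)
```

Changing the mode to `rwxrwxrwx`, as in the first scenario of the comment, turns every privilege that was not granted into an `fs_allows_without_grant` finding, which is the access a client reading HDFS directly would have.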
