[
https://issues.apache.org/jira/browse/HIVE-11826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14903104#comment-14903104
]
Aihua Xu commented on HIVE-11826:
---------------------------------
Hi [~leftylev] the doc seems not necessary since 'hadoop.proxyuser.hive.groups'
should work as it supposed to be while we just had this issue. This is to
correct the incorrect implementation.
Let me know if anyone else has different opinion and I can provide more info if
needed.
> 'hadoop.proxyuser.hive.groups' configuration doesn't prevent unauthorized
> user to access metastore
> --------------------------------------------------------------------------------------------------
>
> Key: HIVE-11826
> URL: https://issues.apache.org/jira/browse/HIVE-11826
> Project: Hive
> Issue Type: Bug
> Components: Metastore
> Affects Versions: 2.0.0
> Reporter: Aihua Xu
> Assignee: Aihua Xu
> Fix For: 1.3.0, 2.0.0
>
> Attachments: HIVE-11826.2.patch, HIVE-11826.patch
>
>
> With 'hadoop.proxyuser.hive.groups' configured in core-site.xml to certain
> groups, currently if you run the job with a user not belonging to those
> groups, it won't fail to access metastore. With old version hive 0.13,
> actually it fails properly.
> Seems HadoopThriftAuthBridge20S.java correctly call ProxyUsers.authorize()
> while HadoopThriftAuthBridge23 doesn't.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
