[
https://issues.apache.org/jira/browse/HIVE-24705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sai Hemanth Gantasala updated HIVE-24705:
-----------------------------------------
Description:
With doAs=false in Hive3.x, whenever a user is trying to create a table based
on storage handlers on external storage for ex: HBase table, the end user we
are seeing is hive so we cannot really enforce the condition in Apache
Ranger/Sentry on the end-user. So, we need to enforce this condition in the
hive in the event of create/alter/drop tables based on storage handlers.
Built-in hive storage handlers like HbaseStorageHandler, KafkaStorageHandler
e.t.c should implement a method getURIForAuthentication() which returns a URI
that is formed from table properties. This URI can be sent for authorization to
> Create/Alter/Drop tables based on storage handlers in HS2 should be
> authorized by Ranger/Sentry
> -----------------------------------------------------------------------------------------------
>
> Key: HIVE-24705
> URL: https://issues.apache.org/jira/browse/HIVE-24705
> Project: Hive
> Issue Type: Improvement
> Reporter: Sai Hemanth Gantasala
> Assignee: Sai Hemanth Gantasala
> Priority: Major
>
> With doAs=false in Hive3.x, whenever a user is trying to create a table based
> on storage handlers on external storage for ex: HBase table, the end user we
> are seeing is hive so we cannot really enforce the condition in Apache
> Ranger/Sentry on the end-user. So, we need to enforce this condition in the
> hive in the event of create/alter/drop tables based on storage handlers.
> Built-in hive storage handlers like HbaseStorageHandler, KafkaStorageHandler
> e.t.c should implement a method getURIForAuthentication() which returns a URI
> that is formed from table properties. This URI can be sent for authorization
> to
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
