[
https://issues.apache.org/jira/browse/HIVE-24705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HIVE-24705:
----------------------------------
Labels: pull-request-available (was: )
> Create/Alter/Drop tables based on storage handlers in HS2 should be
> authorized by Ranger/Sentry
> -----------------------------------------------------------------------------------------------
>
> Key: HIVE-24705
> URL: https://issues.apache.org/jira/browse/HIVE-24705
> Project: Hive
> Issue Type: Improvement
> Reporter: Sai Hemanth Gantasala
> Assignee: Sai Hemanth Gantasala
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> With doAs=false in Hive3.x, whenever a user is trying to create a table based
> on storage handlers on external storage for ex: HBase table, the end user we
> are seeing is hive so we cannot really enforce the condition in Apache
> Ranger/Sentry on the end-user. So, we need to enforce this condition in the
> hive in the event of create/alter/drop tables based on storage handlers.
> Built-in hive storage handlers like HbaseStorageHandler, KafkaStorageHandler
> e.t.c should implement a method getURIForAuthentication() which returns a URI
> that is formed from table properties. This URI can be sent for authorization
> to
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
