[ https://issues.apache.org/jira/browse/HIVE-14099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15552496#comment-15552496 ]
Thejas M Nair commented on HIVE-14099: -------------------------------------- Adding a note that this does not affect SQL Standard or ranger authorization plugin. They both use a config whitelist, for set of configs that are allowed to be modified. With SQL std auth or ranger you would get an error message like the following - {code} 0: jdbc:hive2://localhost:10000/default> set hive.security.authorization.enabled=false; Error: Error while processing statement: Cannot modify hive.security.authorization.enabled at runtime. It is not in list of params that are allowed to be modified at runtime (state=42000,code=1) {code} This issue would affect [legacy authorization mode|https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode], which is inherently unsecure. Also, trying to secure hive-cli this way is meaningless, you can specify any config options on commandline to override the settings, or point it to a different config directly, or even read directly from HDFS. > Hive security authorization can be disabled by users > ---------------------------------------------------- > > Key: HIVE-14099 > URL: https://issues.apache.org/jira/browse/HIVE-14099 > Project: Hive > Issue Type: Improvement > Components: Authorization > Affects Versions: 0.13.1 > Reporter: Prashant Kumar Singh > Assignee: Aihua Xu > Fix For: 2.2.0 > > Attachments: HIVE-14099.1.patch > > > In case we enables : > hive.security.authorization.enabled=true in hive-site.xml > this setting can be disabled by users at their hive prompt. There should be > hardcoded setting in the configs. > The other thing is once we enable authorization, the tables that got created > before enabling looses access as they don't have authorization defined. How > this situation can be tackled in hive. > Note that this issue does not affect SQL standard or ranger authorization > plugin. -- This message was sent by Atlassian JIRA (v6.3.4#6332)