[jira] [Commented] (SPARK-8659) Spark SQL Thrift Server does NOT honour hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory

Fri, 29 Jun 2018 01:46:14 -0700 


    [ 
https://issues.apache.org/jira/browse/SPARK-8659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16527325#comment-16527325
 ] 

t oo commented on SPARK-8659:
-----------------------------

_"show_ current _roles" gives an error about sql catalyst parser_

> Spark SQL Thrift Server does NOT honour 
> hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
>  
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SPARK-8659
>                 URL: https://issues.apache.org/jira/browse/SPARK-8659
>             Project: Spark
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 1.3.1
>         Environment: Linux
>            Reporter: Premchandra Preetham Kukillaya
>            Priority: Major
>
> It seems like while pointing JDBC/ODBC Driver to Spark SQLThrift Service ,the 
> Hive's security  feature SQL based authorisation is not working. It ignores 
> the security settings passed through the command line. The arguments for 
> command line is given below for reference
> The problem is user X can do select on table belonging to user Y, though 
> permission for table is explicitly defined and its a data security risk.
> I am using Hive .13.1 and Spark 1.3.1 and here is the list arguments passed 
> to Spark SQL Thrift Server.
> ./start-thriftserver.sh --hiveconf hive.server2.thrift.port=10001 --hiveconf 
> xxxxhostname.compute.amazonaws.com --hiveconf 
> hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
>  --hiveconf 
> hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
>  --hiveconf hive.server2.enable.doAs=false --hiveconf 
> hive.security.authorization.enabled=true --hiveconf 
> javax.jdo.option.ConnectionURL=jdbc:mysql://localhost:3306/hive?createDatabaseIfNotExist=true
>  --hiveconf javax.jdo.option.ConnectionDriverName=com.mysql.jdbc.Driver 
> --hiveconf javax.jdo.option.ConnectionUserName=hive --hiveconf 
> javax.jdo.option.ConnectionPassword=hive



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to