[ 
https://issues.apache.org/jira/browse/SPARK-12008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15035159#comment-15035159
 ] 

pin_zhang commented on SPARK-12008:
-----------------------------------

Any comments?

> Spark hive security authorization doesn't work as Apache hive's
> ---------------------------------------------------------------
>
>                 Key: SPARK-12008
>                 URL: https://issues.apache.org/jira/browse/SPARK-12008
>             Project: Spark
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 1.5.2
>            Reporter: pin_zhang
>
> Spark Hive security authorization isn't consistent with Apache Hive.
> The same hive-site.xml:
>   <property>
>     <name>hive.security.authorization.enabled</name>
>     <value>true</value>
>   </property>
>   <property>
>     <name>hive.security.authorization.manager</name>
>     <value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory</value>
>   </property>
>   <property>
>     <name>hive.security.authenticator.manager</name>
>     <value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
>   </property>
>   <property>
>     <name>hive.server2.enable.doAs</name>
>     <value>true</value>
>   </property>
> 1. Run Spark's start-thriftserver.sh; an exception occurs when running SQL:
>    SQL standards based authorization should not be enabled from hive 
> cliInstead the use of storage based authorization in hive metastore is 
> reccomended. 
>    Set hive.security.authorization.enabled=false to disable authz within cli
> 2. Change to starting start-thriftserver.sh with Hive configurations:
> ./start-thriftserver.sh \
>   --conf hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory \
>   --conf hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
>
> 3. Connect with Beeline as userA and create table tableA.
> 4. Connect with Beeline as userB to truncate tableA.
>   A) In Apache Hive, truncate table gets an exception:
>   Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: Principal [name=userB, type=USER] does not have following 
> privileges for operation TRUNCATETABLE [[OBJECT OWNERSHIP] on Object 
> [type=TABLE_OR_VIEW, name=default.tablea]] (state=42000,code=40000)
>   B) In Spark Hive, any user that can connect to Hive can truncate, as
> long as the Spark user has privileges.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
