[ https://issues.apache.org/jira/browse/SPARK-5159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15102702#comment-15102702 ]
Luciano Resende commented on SPARK-5159: ---------------------------------------- [~ilovesoup] As I mentioned before, most if not all your changes have been applied via SPARK-6910 @All, I understand there is a bigger issue here, regarding data that is stored out of hive, but I would treat that as a different epic for Spark Data Security, while for this current issue, I would like us to concentrate on the remaining issue related to doAs when Kerberos is enabled. > Thrift server does not respect hive.server2.enable.doAs=true > ------------------------------------------------------------ > > Key: SPARK-5159 > URL: https://issues.apache.org/jira/browse/SPARK-5159 > Project: Spark > Issue Type: Bug > Components: SQL > Affects Versions: 1.2.0 > Reporter: Andrew Ray > Attachments: spark_thrift_server_log.txt > > > I'm currently testing the spark sql thrift server on a kerberos secured > cluster in YARN mode. Currently any user can access any table regardless of > HDFS permissions as all data is read as the hive user. In HiveServer2 the > property hive.server2.enable.doAs=true causes all access to be done as the > submitting user. We should do the same. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org