Hi all,
Idealy, in hive security, the client user should be transmitted to hdfs and mr, just like this jira said. I have some questions on how to implement this, mainly on one sql visit multiple user's table. For example , t1 belong to user1; t2 belong to user2, user1 want execute one sql like: select t1.*,t2.* from t1 join t2 on t1.id = t2.id, this means user1 have to visit user2's data in hdfs, so the mr job have to visit two user's data in hdfs. as I know, currently, before submit the job to yarn, jobclient will try to get the delegation token from hdfs, and add into Credentials , which can only maintain one user's token for one service like hdfs. For example: ha-hdfs,token1(user1). Then how to add multiple user's token to job's credentials? another point is: in this job, different map require using different user's token to communicate with hdfs, right? Seems, this point also cann't support by current hadoop security mechanism. Anyone can give ideas on this? I will be very appreciate. Regards Wwli
