Hi, NitinThanks for your replay. This very useful for us. We'll consider about your suggestions.
-------------------------------- ----- 原始邮件 ----- 发件人:Alan Gates <[email protected]> 收件人:[email protected] 主题:Re: how to set column level privileges 日期:2015年03月26日 23点23分 Column level permissions was added to Hive default authorization in HIVE-5837. That is why the TBL_COL_PRIV tables exists in the metastore. The problem with default auth is it isn't really secure, as anyone can grant anybody (including themselves) any privilege. But Allen is correct that it doesn't work with the SQL Standard Authorization added in Hive 0.14. The only method using SQL standard auth out of the box is views. I believe using Apache Ranger (and maybe Apache Sentry, I'm not sure) with SQL standard auth you can get column level privileges. Alan. > Nitin Pawar <mailto:[email protected]> > March 26, 2015 at 4:18 > Column level security in hive was added at HIVE-5837 > <https://issues.apache.org/jira/browse/HIVE-5837> > > It has the PDF link for your readings. > > https://cwiki.apache.org/confluence/display/Hive/AuthDev talks about > setting column level permissions > > > > > -- > Nitin Pawar > Allen <mailto:[email protected]> > March 26, 2015 at 4:09 > > Thanks for your replay. > > If we handle the privileges by creating views, it will lead to lots of > views in our database. > > I found there is a table named TBL_COL_PRIV in hive metastore > database, maybe this table is related to column privilege,but it is > never used in hive. Anybody knew why? > > > > -------------------------------- > > > ----- 原始邮件 ----- > 发件人:Daniel Haviv <[email protected]> > 收件人:"[email protected]" <[email protected]> > 主题:Re: how to set column level privileges > 日期:2015年03月26日 18点42分 > > Create a view with the permitted columns and handle the privileges for it > > Daniel > > On 26 במרץ 2015, at 12:40, Allen <[email protected] > <mailto:[email protected]>> wrote: > Column level permissions was added to Hive default authorization in HIVE-5837. That is why the TBL_COL_PRIV tables exists in the metastore. The problem with default auth is it isn't really secure, as anyone can grant anybody (including themselves) any privilege. But Allen is correct that it doesn't work with the SQL Standard Authorization added in Hive 0.14. The only method using SQL standard auth out of the box is views. I believe using Apache Ranger (and maybe Apache Sentry, I'm not sure) with SQL standard auth you can get column level privileges. Alan. Nitin Pawar March 26, 2015 at 4:18 Column level security in hive was added at HIVE-5837 It has the PDF link for your readings. https://cwiki.apache.org/confluence/display/Hive/AuthDev talks about setting column level permissions -- Nitin Pawar Allen March 26, 2015 at 4:09 Thanks for your replay.If we handle the privileges by creating views, it will lead to lots of views in our database.I found there is a table named TBL_COL_PRIV in hive metastore database, maybe this table is related to column privilege,but it is never used in hive. Anybody knew why? -------------------------------- ----- 原始邮件 ----- 发件 人:Daniel Haviv <[email protected]> 收件 人:"[email protected]" <[email protected]> 主题:Re: how to set column level privileges 日期:2015年03月26日 18点42分 Create a view with the permitted columns and handle the privileges for it Daniel On 26 במרץ 2015, at 12:40, Allen <[email protected]> wrote:
