Reply
Highlighted
New Contributor
Posts: 2
Registered: ‎02-24-2016
Accepted Solution

Backport for HIVE-11901

Hi,

 

Hive has different authorization possibilities, and one of them is the StorageBasedAuthorizationProvider. But unfortunatly, it's bugged since 0.14. With this policy, the rights on the metastore are 'copying' the rights on the filesystem where the tables are stored (if you don't have the write rights on the filesystem, you can't drop the table). It's super easy to set up and use, compared to Sentry that need to set up a new service, plus create roles, privileges etc...

 

Is there any way this patch could be backported ? 

 

Thanks in advanced,

 

Pierre

Posts: 1,826
Kudos: 406
Solutions: 292
Registered: ‎07-31-2013

Re: Backport for HIVE-11901

We do not currently recommend the use of StorageBasedAuthorizationProvider. While Sentry's initial setup (esp. with HDFS ACL sync enabled) may seem a little involved, note that its much simpler than ending up in a longer term situation of managing several HDFS paths and keeping them controlled manually.

Currently that fix is not in scope of a backport, since this plugin is not supported for use in a CDH environment, but it may be added in future (such as if/when a rebase occurs).
New Contributor
Posts: 2
Registered: ‎02-24-2016

Re: Backport for HIVE-11901

[ Edited ]

Hello Harsh,

 

Many thanks for your reply !

 

Got it for the StorageBasedAuthorizationProvider. We already started to use Sentry and has some issues for sharing rights without "Synchronizing HDFS ACLs and Sentry Permissions". The fact we couldn't use impersonation anymore was blocking. I'm going to try the syncronizing feature and everything should go smoothly now. I hope :)

 

Cheers,

 

Pierre

 

 

Announcements