Users able to drop table on hive though they are not the table owners. Need to enable metastore server security to start using the storage based auth.
To enable metastore security we need to enable the following parameter
hive.metastore.pre.event.listeners [This turns on metastore-side security.]
Set to org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener
hive.security.metastore.authorization.manager [This tells Hive which metastore-side authorization provider to use. The default setting uses DefaultHiveMetastoreAuthorizationProvider, which implements the standard Hive grant/revoke model. To use an HDFS permission-based model (recommended) to do your authorization, use StorageBasedAuthorizationProvider as instructed above]
Set to org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider
Set to org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator
When this is set to true, Hive metastore authorization also checks for read access. It is set to true by default. Read authorization checks were introduced in Hive 0.14.0