
Backport for HIVE-11901

New Contributor

Hi,

Hive has different authorization possibilities, and one of them is the StorageBasedAuthorizationProvider. But unfortunately, it has been bugged since 0.14. With this policy, the rights on the metastore are 'copying' the rights on the filesystem where the tables are stored (if you don't have the write rights on the filesystem, you can't drop the table). It's super easy to set up and use, compared to Sentry, which needs you to set up a new service, plus create roles, privileges, etc.

Is there any way this patch could be backported?

Thanks in advance,

Pierre

1 ACCEPTED SOLUTION

Mentor
We do not currently recommend the use of StorageBasedAuthorizationProvider. While Sentry's initial setup (esp. with HDFS ACL sync enabled) may seem a little involved, note that it's much simpler than ending up in a longer-term situation of managing several HDFS paths and keeping them controlled manually.

Currently that fix is not in scope of a backport, since this plugin is not supported for use in a CDH environment, but it may be added in future (such as if/when a rebase occurs).


New Contributor

Hello Harsh,

Many thanks for your reply!

Got it for the StorageBasedAuthorizationProvider. We already started to use Sentry and had some issues sharing rights without "Synchronizing HDFS ACLs and Sentry Permissions". The fact that we couldn't use impersonation anymore was blocking. I'm going to try the synchronizing feature and everything should go smoothly now. I hope 🙂

Cheers,

Pierre