Grokbase Groups Hive dev June 2011
FAQ
Thrift MetaStore interface bypasses authorization checks
--------------------------------------------------------

Key: HIVE-2241
URL: https://issues.apache.org/jira/browse/HIVE-2241
Project: Hive
Issue Type: Bug
Components: JDBC, Metastore, ODBC, Security
Reporter: Carl Steinbach


Hive's authorization mechanism works with DML and DDL statements only. Authorization checks are not applied when a Thrift client directly accesses the Metastore's Thrift interface, e.g. create_table(), drop_table(), alter_table(), get_databases(), get_tables(), etc.

Catalog functions such as get_databases() and get_tables() are directly accessed by JDBC and ODBC drivers.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Search Discussions

  • Enis Soztutar (Assigned) (JIRA) at Jan 12, 2012 at 7:41 pm
    [ https://issues.apache.org/jira/browse/HIVE-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Enis Soztutar reassigned HIVE-2241:
    -----------------------------------

    Assignee: Enis Soztutar
    Thrift MetaStore interface bypasses authorization checks
    --------------------------------------------------------

    Key: HIVE-2241
    URL: https://issues.apache.org/jira/browse/HIVE-2241
    Project: Hive
    Issue Type: Bug
    Components: JDBC, Metastore, ODBC, Security
    Reporter: Carl Steinbach
    Assignee: Enis Soztutar

    Hive's authorization mechanism works with DML and DDL statements only. Authorization checks are not applied when a Thrift client directly accesses the Metastore's Thrift interface, e.g. create_table(), drop_table(), alter_table(), get_databases(), get_tables(), etc.
    Catalog functions such as get_databases() and get_tables() are directly accessed by JDBC and ODBC drivers.
    --
    This message is automatically generated by JIRA.
    If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
    For more information on JIRA, see: http://www.atlassian.com/software/jira
  • Carl Steinbach (Updated) (JIRA) at Feb 2, 2012 at 10:21 pm
    [ https://issues.apache.org/jira/browse/HIVE-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Carl Steinbach updated HIVE-2241:
    ---------------------------------

    Component/s: Authorization
    Thrift MetaStore interface bypasses authorization checks
    --------------------------------------------------------

    Key: HIVE-2241
    URL: https://issues.apache.org/jira/browse/HIVE-2241
    Project: Hive
    Issue Type: Bug
    Components: Authorization, JDBC, Metastore, ODBC, Security
    Reporter: Carl Steinbach
    Assignee: Enis Soztutar

    Hive's authorization mechanism works with DML and DDL statements only. Authorization checks are not applied when a Thrift client directly accesses the Metastore's Thrift interface, e.g. create_table(), drop_table(), alter_table(), get_databases(), get_tables(), etc.
    Catalog functions such as get_databases() and get_tables() are directly accessed by JDBC and ODBC drivers.
    --
    This message is automatically generated by JIRA.
    If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
    For more information on JIRA, see: http://www.atlassian.com/software/jira

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupdev @
categorieshive, hadoop
postedJun 27, '11 at 5:03p
activeFeb 2, '12 at 10:21p
posts3
users1
websitehive.apache.org

People

Translate

site design / logo © 2021 Grokbase