Secure SQL Standard based Authorization for Apache Hive (© Hortonworks Inc. 2013)


1 Secure SQL Standard based Authorization for Apache Hive. Thejas Nair, @thejasn

2 Current status (© Hortonworks Inc. 2011, Architecting the Future of Big Data)
Unsecure fine grained authorization (the existing Hive client-side model):
● Supports authorization on views
● Incomplete model: no authorization checks on the access control statements themselves
● Checks are done on the client side, but the client lacks the features needed to make those checks trustworthy
Storage based authorization (secure, coarse grained):
● Secure, since it relies on the storage layer's permissions
● Works on the metastore server, so it also provides authorization for HCatalog users (Pig, MR, ...)
● Does not work on views

3 SQL Standard based authorization
● Model based on SQL:2011
● Fine grained authorization
● Hive client side checks, performed inside HiveServer2
● Authorization checks are made against the user submitting the query
● The query itself runs as the HiveServer2 user

4 Requirements
● Data must be accessible to the HiveServer2 (HS2) user
● Disable non-SQL commands (dfs, shell, transform) and untrusted UDFs: because the query runs with the HS2 user's storage access, any of these would let a user reach the data directly and bypass the SQL-level checks

5 What about Pig, MR users?
● Pig/MR do not use the Hive client; they go through HCatalog (=> metastore API)
● Storage based authorization (SBA) can be enabled on the metastore server
● The new authorization model requires the HS2 user to have access on storage, so HS2 passes the SBA checks
● Pig/MR users are often the 'data curators', and coarse grained authorization is what they usually need

6 SQL authorization model
● Users
● Roles
● Privileges
● Objects

7 Users and Roles
● Users can belong to one or more roles
● Special roles (SQL extension):
  PUBLIC: all users belong to this role
  SUPERUSER: privilege to create/drop roles and to perform access management
● Pluggable sources for the user-to-role mapping, e.g. HDFS groups. A namespace portion of the role name will identify which source a role comes from.

8 Privileges
● SELECT: read access to an object
● INSERT: add data to an object (table)
● UPDATE: update queries on an object (table)
● DELETE: delete data in an object (table)
● ALL PRIVILEGES: all of the above

9 Objects
● Access control statements on tables and views will be supported first.
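The model of slides 6 to 9 (users, roles, privileges, objects), written out as the access control statements it implies. This is an added example, not part of the slides or of the HIVE-5837 spec; the syntax is that of the Hive release that implemented this design (Hive 0.13), in which the privileged role the slides call SUPERUSER is named ADMIN. Database, table, view, role and user names are hypothetical.

```sql
-- Added example: SQL-standard authorization in HiveQL (Hive 0.13 syntax).
-- All names (sales.*, analyst, etl, alice, bob) are hypothetical.

-- 1. Roles: created by a member of the privileged role (ADMIN in the
--    shipped implementation, SUPERUSER on slide 7). PUBLIC always exists.
SET ROLE admin;
CREATE ROLE analyst;
CREATE ROLE etl;

-- 2. Objects and privileges: grants are made on tables and views, which
--    are the first object types supported. Privilege names follow slide 8.
GRANT SELECT ON TABLE sales.orders TO ROLE analyst;
GRANT INSERT, DELETE ON TABLE sales.orders TO ROLE etl;

-- The creator (owner) of an object holds ALL PRIVILEGES on it. Delegation
-- of grant rights is explicit:
GRANT ALL ON TABLE sales.staging TO ROLE etl WITH GRANT OPTION;

-- Fine grained access through a view (the case storage based authorization
-- cannot express): analysts may read the summary view without being able
-- to read the raw table behind it. The view owner needs SELECT on the table.
CREATE VIEW sales.orders_by_region AS
  SELECT region, COUNT(*) AS order_count
  FROM sales.orders
  GROUP BY region;
GRANT SELECT ON TABLE sales.orders_by_region TO ROLE analyst;

-- Granting to PUBLIC deliberately makes an object readable by every user.
GRANT SELECT ON TABLE sales.products TO ROLE public;

-- 3. Users to roles: a user may hold several roles.
GRANT ROLE analyst TO USER alice;
GRANT ROLE analyst, etl TO USER bob;

-- 4. Checks a practitioner should run before trusting the setup.
SHOW ROLE GRANT USER alice;                     -- expect: public, analyst
SHOW GRANT USER alice ON TABLE sales.orders;    -- expect: SELECT via analyst
SHOW GRANT ROLE etl ON TABLE sales.orders;      -- expect: INSERT, DELETE

-- In a separate HiveServer2 session authenticated as alice:
--   SELECT * FROM sales.orders_by_region;       -- allowed (SELECT on view)
--   SELECT * FROM sales.orders LIMIT 1;         -- allowed (SELECT on table)
--   INSERT INTO TABLE sales.orders SELECT ...;  -- rejected: no INSERT
--   dfs -ls /warehouse/sales.db/orders;         -- rejected: non-SQL command
--                                                  disabled (slide 4)

-- 5. Revocation mirrors the grants.
REVOKE INSERT ON TABLE sales.orders FROM ROLE etl;
REVOKE ROLE etl FROM USER bob;
DROP ROLE etl;
```

The authorization check is performed in HiveServer2 against the submitting user (alice), while the MapReduce job and the HDFS reads run as the HS2 service user (slide 3). That is why the grants above only mean anything if the requirements on slide 4 hold: the dfs, shell and transform commands and untrusted UDFs must be disabled, otherwise a user could use the HS2 user's storage access to read sales.orders without going through the view.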

10 Details in the functional spec in HIVE-5837

