Ch1 #3
Ch1 #3
Conversation
…n but also auditing across products
There was a problem hiding this comment.
Hello @aloklal99, I'm in the process of validating & reviewing these changes.
Here are my review comments.
| @@ -146,3 +147,7 @@ hence should have their replication factor increased), and which do not get | |||
| used more then 7 days after their creation —and hence can be automatically deleted | |||
| as part of a workflow. | |||
|
|
|||
| HBase, Hive and HDFS allow for creation and management of such audit logs. Various | |||
There was a problem hiding this comment.
We don't really need to repeat the same line from Authorization to convey that Apache Ranger can provide uniform auditing capabilities for HDFS, Hive and HBase.
| Similarly, HBase and Accumulo have their users and permissions, while Hive uses the | ||
| permissions of the source files as its primary access control mechanism. | ||
| Similarly, HBase and Accumulo have their users and permissions, while Hive can | ||
| authorize users either through its permisions model or use the |
There was a problem hiding this comment.
+1. More appropriate would be to mention "SQL Standard based" - permission model.
|
I was beginning to think that this thing died right after @steveloughran gave that talk at HDP. Talks often can often jinx things?! 😉 I'm glad it has been revived, though. I had lost interest in reading further when this pull request didn't go anywhere. I might get back to reading it now. Cheers! |
|
I've just been avoiding Keberos |
Following is the evidence of the submitted changes. Please review:
While Hive has had a [storage based authorizer] in wide use (https://cwiki.apache.org/confluence/display/Hive/HCatalog+Authorization), last year it also added a SQL Standard based authorizer. As the name implies this authorizer aims to take Hive's access model as close to traditional RDBMS authorization model.
Just like authorization most application offer their own means of auditing access, e.g. Hive auditing, HBase audit logging HDFS Audit logging. Ranger addresses these by providing a uniform way to specify and view audit as it does in case of authorization.