THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Skip auth in embedded metasore mode regardless of "hive.metastore.event.db.notification.api.auth" setting
The reason is that we know the metastore calls are made from hive as opposed to other un-authorized processes that are running metastore client. - Enable auth in remote metastore mode if "hive.metastore.event.db.notification.api.auth" set to true
The UGI of the remote metastore client is always set on metastore server. We retrieve this user info and check if this user has proxy privilege according to the proxy user settings. For example, the UGI is user "hive" and "hive" been configured to have the proxy privilege against a list of hosts. Then the auth will pass for the notification related calls from those hosts. If the a user "foo" is performing repl operations (e.g. an end user "foo" calling through HS2 with doAs=true), then the auth will fail unless user "foo" is configured to have the proxy privilege.
...