...
The default authorization model of Hive supports a traditional RDBMS style of authorization based on users, groups and roles and granting them permissions to do operations on database or table. It is described in more detail in Hive Authorization and Hive Default Authorization - deprecated authorization mode / Legacy Mode.
This RDBMS style of authorization is not very suitable for the typical use cases in Hadoop because of the following differences in implementation:
...
When the database or table is backed by a file system that has a Unix/POSIX-style permissions model (like HDFS), there are read(r) and write(w) permissions you can set for the owner user, group and ‘other’. The file system’s logic for determining if a user has permission on the directory or file will be used by Hive.
Details of HDFS permissions are given at http://hadoop.apache.org/docs/rx.x.x/hdfs_permissions_guide.html, for example:
...
Note: Support for HDFS ACL (introduced in Apache Hadoop 2.4) is not available in the released versions of Hive. Which means, that it checks only the traditional rwx style permissions to determine if a user can write to the file system. The support for ACL is available in Hive trunk HIVE-7583, which will be available in Hive 0.14.
Links to documentation for different releases of Hadoop can be found here: http://hadoop.apache.org/docs/.
Note: If hive.warehouse.subdir.inherit.perms is enabled, permissions and ACL's for Hive-created files and directories will be set via the following permission inheritance rules.
The file system’s logic for determining if a user has permission on the directory or file will be used by Hive.
Minimum Permissions
The following table shows the minimum permissions required for Hive operations under this authorization model:
...
| Panel | ||||||
|---|---|---|---|---|---|---|
| ||||||
Previous: Notification Hive documents: Authorization and Storage Based Authorization in the Metastore Server General: HCatalog Manual – WebHCat Manual – Hive Wiki Home – Hive Project Site |