...
The following table shows the minimum permissions required for Hive operations under this authorization model:
Operation | Database | Database | Table | Table |
| Read Access | Database Write Access | Table Read Access | Table Write Access |
|---|---|---|---|---|---|---|---|---|---|
LOAD |
|
|
| X | |||||
EXPORT |
|
| X |
| |||||
IMPORT |
|
|
| X | |||||
CREATE TABLE |
| X |
|
| |||||
CREATE TABLE AS SELECT |
| X | X |
| |||||
DROP TABLE |
| X |
|
| |||||
SELECT |
|
| X |
| |||||
ALTER TABLE |
|
|
| X | |||||
SHOW TABLES | X |
|
|
|
Caution: This authorization model does not prevent malicious users from doing bad things, because of the way authorization is currently implemented in Hive. See the Known Issues section below.
Configuring File-System
...
Based Authorization
The implementation of the file-system-based authorization model is available in the HCatalog package. (Support for this is likely to be added to the Hive package in the future.) So using this implementation requires installing the HCatalog package along with Hive.
...
| Code Block |
|---|
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
<description>enable or disable the hive client authorization</description>
</property>
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.hcatalog.security.HdfsAuthorizationProvider</value>
<description>the hive client authorization manager class name.
The user defined authorization class should implement interface
org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider.
</description>
</property>
|
...