Hive Metastore Authorization

[Colin Williams <co...@gmail.com>]

Hi,

I'm curious regarding Hive Metastore and Authorization. I'm trying to
determine if the Hive Metastore supports Authorization, and in what
forms?

For example, does the Hive Metastore provide some way to granularly
define access to information regarding the existence of a table within
the Metastore, and fetch it's Table Schema? If so would someone point
out some examples on a configuration like this? If Hive Metastore
doesn't allow for this Authorization, can someone suggest what
alternatives exist?

Kind Regards,

Colin Williams

Re: Hive Metastore Authorization

[Sai Hemanth Gantasala <sa...@cloudera.com>]

Hi Colin Williams,

Hive metastore natively supports storage-based authorization (SBA). SBA
provides a decent amount of control/authorization level at a broader level
on the metadata objects like databases, tables, partitions e.t.c
If your use case requires more fine-grain access levels like columns or
views, you would have to use SQL standard authorizer in the HS2.
Hive also alternatively supports Apache Ranger/Sentry plugins which provide
even rich/easy/fine grain access control on the metadata objects.
https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization
==> This wiki talks in detail about authorization support in Hive.

Thanks,
Sai.

On Wed, Dec 28, 2022 at 4:15 PM Colin Williams <
colin.williams.seattle@gmail.com> wrote:

> Hi,
>
> I'm curious regarding Hive Metastore and Authorization. I'm trying to
> determine if the Hive Metastore supports Authorization, and in what
> forms?
>
> For example, does the Hive Metastore provide some way to granularly
> define access to information regarding the existence of a table within
> the Metastore, and fetch it's Table Schema? If so would someone point
> out some examples on a configuration like this? If Hive Metastore
> doesn't allow for this Authorization, can someone suggest what
> alternatives exist?
>
> Kind Regards,
>
> Colin Williams
>