You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hive.apache.org by Rob Anderson <ro...@gmail.com> on 2017/05/09 21:59:47 UTC
SQL Standard Based Hive Authorization with CDH 5.X
Has anyone implemented SQL Standard Based Hive Authorization with CDH 5.5.2
(hive1.1.0)?
Cloudera has confirmed that it's not supported, but I have a need that
requires the implementation.
I've followed: https://cwiki.apache.org/confluence/display/Hive/SQL+
Standard+Based+Hive+Authorization
I've added the following to "HiveServer2 Advanced Configuration Snippet
(Safety Valve) for hive-site.xml" via Cloudera Manager.
<property>
<name>hive.server2.enable.doAs</name>
<value>false</value>
</property>
<property>
<name>hive.users.in.admin.role</name>
<value>oozie_runtime,hive,randerson</value>
</property>
<property>
<name>hive.security.metastore.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly</value>
</property>
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory</value>
</property>
<property>
<name>hive.security.authorization.task.factory</name>
<value>org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl</value>
</property>
I've tried adding the following start up options to "HiveServer2
Environment Advanced Configuration Snippet (Safety Valve)" via Cloudera
Manager.
- -hiveconf hive.security.authorization.manager=org.apache.hadoop.
hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
- -hiveconf hive.security.authorization.enabled=true
- -hiveconf hive.security.authenticator.manager=org.apache.hadoop.
hive.ql.security.SessionStateUserAuthenticator
- -hiveconf hive.metastore.uris=' '
I get the following error:
Could not parse: HiveServer2 Environment Advanced Configuration Snippet
(Safety Valve) : Could not parse parameter 'hive_hs2_env_safety_valve'. Was
expecting: valid variable name. Input: -hiveconf hive
.security.authorization.manager=org.apache.hadoop.hive
.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory -hiveconf
hive.security.authorization.enabled=true -hiveconf hive
.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
-hiveconf hive.metastore.uris=' '
So, in short - I'm not sure how to start hiveserver2 with those options.
Any help you can offer is appreciated.
Thanks,
Rob
Re: SQL Standard Based Hive Authorization with CDH 5.X
Posted by Thejas Nair <th...@gmail.com>.
You can also set them via hiveserver2-site.xml instead of passing them as
commandline params.
Let me make that more clear in the doc.
On Thu, May 11, 2017 at 9:36 AM, Rob Anderson <ro...@gmail.com>
wrote:
> You add the options to HiveServer2 Environment Advanced Configuration
> Snippet (Safety Valve) via:
>
> HIVE_OPTS=--hiveconf hive.security.authorization.
> manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
> --hiveconf hive.security.authorization.enabled=true --hiveconf
> hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
> --hiveconf hive.metastore.uris='thrift://XXXXXX:9083'
>
> Works fine.
>
> Rob
>
> On Tue, May 9, 2017 at 3:59 PM, Rob Anderson <ro...@gmail.com>
> wrote:
>
>> Has anyone implemented SQL Standard Based Hive Authorization with CDH
>> 5.5.2 (hive1.1.0)?
>>
>> Cloudera has confirmed that it's not supported, but I have a need that
>> requires the implementation.
>>
>> I've followed: https://cwiki.apache.org/confl
>> uence/display/Hive/SQL+Standard+Based+Hive+Authorization
>>
>> I've added the following to "HiveServer2 Advanced Configuration Snippet
>> (Safety Valve) for hive-site.xml" via Cloudera Manager.
>>
>> <property>
>>
>> <name>hive.server2.enable.doAs</name>
>>
>> <value>false</value>
>>
>> </property>
>>
>> <property>
>>
>> <name>hive.users.in.admin.role</name>
>>
>> <value>oozie_runtime,hive,randerson</value>
>>
>> </property>
>>
>> <property>
>>
>> <name>hive.security.metastore.authorization.manager</name>
>>
>> <value>org.apache.hadoop.hive.ql.security.authorization.Meta
>> StoreAuthzAPIAuthorizerEmbedOnly</value>
>>
>> </property>
>>
>> <property>
>>
>> <name>hive.security.authorization.manager</name>
>>
>> <value>org.apache.hadoop.hive.ql.security.authorization.plug
>> in.sqlstd.SQLStdConfOnlyAuthorizerFactory</value>
>>
>> </property>
>>
>> <property>
>>
>> <name>hive.security.authorization.task.factory</name>
>>
>> <value>org.apache.hadoop.hive.ql.parse.authorization.HiveAut
>> horizationTaskFactoryImpl</value>
>>
>> </property>
>>
>>
>> I've tried adding the following start up options to "HiveServer2
>> Environment Advanced Configuration Snippet (Safety Valve)" via Cloudera
>> Manager.
>>
>> - -hiveconf hive.security.authorization.ma
>> nager=org.apache.hadoop.hive.ql.security.authorization.plugi
>> n.sqlstd.SQLStdHiveAuthorizerFactory
>>
>>
>> - -hiveconf hive.security.authorization.enabled=true
>> - -hiveconf hive.security.authenticator.ma
>> nager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
>> - -hiveconf hive.metastore.uris=' '
>>
>>
>> I get the following error:
>>
>> Could not parse: HiveServer2 Environment Advanced Configuration Snippet
>> (Safety Valve) : Could not parse parameter 'hive_hs2_env_safety_valve'.
>> Was expecting: valid variable name. Input: -hiveconf hive.
>> security.authorization.manager=org.apache.hadoop.hive.q
>> l.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory -hiveconf
>> hive.security.authorization.enabled=true -hiveconf hive.
>> security.authenticator.manager=org.apache.hadoop.hive.q
>> l.security.SessionStateUserAuthenticator -hiveconf hive.metastore.uris='
>> '
>>
>> So, in short - I'm not sure how to start hiveserver2 with those options.
>> Any help you can offer is appreciated.
>>
>> Thanks,
>>
>> Rob
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
Re: SQL Standard Based Hive Authorization with CDH 5.X
Posted by Rob Anderson <ro...@gmail.com>.
You add the options to HiveServer2 Environment Advanced Configuration
Snippet (Safety Valve) via:
HIVE_OPTS=--hiveconf
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
--hiveconf hive.security.authorization.enabled=true --hiveconf
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
--hiveconf hive.metastore.uris='thrift://XXXXXX:9083'
Works fine.
Rob
On Tue, May 9, 2017 at 3:59 PM, Rob Anderson <ro...@gmail.com>
wrote:
> Has anyone implemented SQL Standard Based Hive Authorization with CDH
> 5.5.2 (hive1.1.0)?
>
> Cloudera has confirmed that it's not supported, but I have a need that
> requires the implementation.
>
> I've followed: https://cwiki.apache.org/confl
> uence/display/Hive/SQL+Standard+Based+Hive+Authorization
>
> I've added the following to "HiveServer2 Advanced Configuration Snippet
> (Safety Valve) for hive-site.xml" via Cloudera Manager.
>
> <property>
>
> <name>hive.server2.enable.doAs</name>
>
> <value>false</value>
>
> </property>
>
> <property>
>
> <name>hive.users.in.admin.role</name>
>
> <value>oozie_runtime,hive,randerson</value>
>
> </property>
>
> <property>
>
> <name>hive.security.metastore.authorization.manager</name>
>
> <value>org.apache.hadoop.hive.ql.security.authorization.
> MetaStoreAuthzAPIAuthorizerEmbedOnly</value>
>
> </property>
>
> <property>
>
> <name>hive.security.authorization.manager</name>
>
> <value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.
> SQLStdConfOnlyAuthorizerFactory</value>
>
> </property>
>
> <property>
>
> <name>hive.security.authorization.task.factory</name>
>
> <value>org.apache.hadoop.hive.ql.parse.authorization.
> HiveAuthorizationTaskFactoryImpl</value>
>
> </property>
>
>
> I've tried adding the following start up options to "HiveServer2
> Environment Advanced Configuration Snippet (Safety Valve)" via Cloudera
> Manager.
>
> - -hiveconf hive.security.authorization.manager=org.apache.hadoop.hive.
> ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
>
>
> - -hiveconf hive.security.authorization.enabled=true
> - -hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive.
> ql.security.SessionStateUserAuthenticator
> - -hiveconf hive.metastore.uris=' '
>
>
> I get the following error:
>
> Could not parse: HiveServer2 Environment Advanced Configuration Snippet
> (Safety Valve) : Could not parse parameter 'hive_hs2_env_safety_valve'.
> Was expecting: valid variable name. Input: -hiveconf hive.
> security.authorization.manager=org.apache.hadoop.hive.
> ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory -hiveconf
> hive.security.authorization.enabled=true -hiveconf hive.
> security.authenticator.manager=org.apache.hadoop.hive.
> ql.security.SessionStateUserAuthenticator -hiveconf hive.metastore.uris='
> '
>
> So, in short - I'm not sure how to start hiveserver2 with those options.
> Any help you can offer is appreciated.
>
> Thanks,
>
> Rob
>
>
>
>
>
>
>
>
>