Multiuser setup on Hive

[Austin Chungath <au...@gmail.com>]

Hi,

I had been trying to set up a multi user environment for hive.
I have set up the hive metastore db in MySQL and hive works.

Consider this scenario:

user1 has created a database data1
user2 has created a database data2

Now user2 logs into hive and he is able to see and delete database data2

How do I prevent this?

Regards,
Austin

Re: Multiuser setup on Hive

[Michel Segel <mi...@hotmail.com>]

User 2 has the permission to delete database2 because he created it.
Did the OP mean that user1 can delete it?  If so there are permissions that would prevent that.


Sent from a remote device. Please excuse any typos...

Mike Segel

On Nov 22, 2012, at 2:41 AM, Alexander Alten-Lorenz <wg...@gmail.com> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
> 
> - Alex
> 
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I had been trying to set up a multi user environment for hive.
>> I have set up the hive metastore db in MySQL and hive works.
>> 
>> Consider this scenario:
>> 
>> user1 has created a database data1
>> user2 has created a database data2
>> 
>> Now user2 logs into hive and he is able to see and delete database data2
>> 
>> How do I prevent this?
>> 
>> Regards,
>> Austin
> 
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
> 
> 

Re: Multiuser setup on Hive

[Alexander Alten-Lorenz <wg...@gmail.com>]

That means a separate metastore per User / different port. Please have in mind, anyone should maintain this. On top, the user has to choose the right JDBC connection. I have my doubt on such a installation ;)

cheers,
 Alex

On Nov 22, 2012, at 10:48 AM, Austin Chungath <au...@gmail.com> wrote:

> Thanks Alex,
> But unfortunately I don't have kerberos implementation right now to try it
> out.
> I was wondering if we can create multiple metastore dbs in mysql and then
> for each user group make separate hive-site.xml which has the username and
> jdbc connection details. Do I make any sense? is something in these lines
> possible?
> 
> Regards,
> Austin
> 
> 
> On Thu, Nov 22, 2012 at 2:11 PM, Alexander Alten-Lorenz <wget.null@gmail.com
>> wrote:
> 
>> You could use SASL / kerberos implementation within HiveServer2. Depends
>> on a kerberosized cluster, too. Hive's metastore server provides the same
>> mechanism, but isn't fully multi connect ready.
>> Here's a link:
>> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
>> 
>> - Alex
>> 
>> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
>> 
>>> Hi,
>>> 
>>> I had been trying to set up a multi user environment for hive.
>>> I have set up the hive metastore db in MySQL and hive works.
>>> 
>>> Consider this scenario:
>>> 
>>> user1 has created a database data1
>>> user2 has created a database data2
>>> 
>>> Now user2 logs into hive and he is able to see and delete database data2
>>> 
>>> How do I prevent this?
>>> 
>>> Regards,
>>> Austin
>> 
>> --
>> Alexander Alten-Lorenz
>> http://mapredit.blogspot.com
>> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
>> 
>> 

--
Alexander Alten-Lorenz
http://mapredit.blogspot.com
German Hadoop LinkedIn Group: http://goo.gl/N8pCF

Re: Multiuser setup on Hive

[Austin Chungath <au...@gmail.com>]

Thanks Alex,
But unfortunately I don't have kerberos implementation right now to try it
out.
I was wondering if we can create multiple metastore dbs in mysql and then
for each user group make separate hive-site.xml which has the username and
jdbc connection details. Do I make any sense? is something in these lines
possible?

Regards,
Austin


On Thu, Nov 22, 2012 at 2:11 PM, Alexander Alten-Lorenz <wget.null@gmail.com
> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends
> on a kerberosized cluster, too. Hive's metastore server provides the same
> mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
>
> - Alex
>
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
>
> > Hi,
> >
> > I had been trying to set up a multi user environment for hive.
> > I have set up the hive metastore db in MySQL and hive works.
> >
> > Consider this scenario:
> >
> > user1 has created a database data1
> > user2 has created a database data2
> >
> > Now user2 logs into hive and he is able to see and delete database data2
> >
> > How do I prevent this?
> >
> > Regards,
> > Austin
>
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
>
>

Re: Multiuser setup on Hive

[Michel Segel <mi...@hotmail.com>]

User 2 has the permission to delete database2 because he created it.
Did the OP mean that user1 can delete it?  If so there are permissions that would prevent that.


Sent from a remote device. Please excuse any typos...

Mike Segel

On Nov 22, 2012, at 2:41 AM, Alexander Alten-Lorenz <wg...@gmail.com> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
> 
> - Alex
> 
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I had been trying to set up a multi user environment for hive.
>> I have set up the hive metastore db in MySQL and hive works.
>> 
>> Consider this scenario:
>> 
>> user1 has created a database data1
>> user2 has created a database data2
>> 
>> Now user2 logs into hive and he is able to see and delete database data2
>> 
>> How do I prevent this?
>> 
>> Regards,
>> Austin
> 
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
> 
> 

Re: Multiuser setup on Hive

[Michel Segel <mi...@hotmail.com>]

User 2 has the permission to delete database2 because he created it.
Did the OP mean that user1 can delete it?  If so there are permissions that would prevent that.


Sent from a remote device. Please excuse any typos...

Mike Segel

On Nov 22, 2012, at 2:41 AM, Alexander Alten-Lorenz <wg...@gmail.com> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
> 
> - Alex
> 
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I had been trying to set up a multi user environment for hive.
>> I have set up the hive metastore db in MySQL and hive works.
>> 
>> Consider this scenario:
>> 
>> user1 has created a database data1
>> user2 has created a database data2
>> 
>> Now user2 logs into hive and he is able to see and delete database data2
>> 
>> How do I prevent this?
>> 
>> Regards,
>> Austin
> 
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
> 
> 

Re: Multiuser setup on Hive

[Michel Segel <mi...@hotmail.com>]

User 2 has the permission to delete database2 because he created it.
Did the OP mean that user1 can delete it?  If so there are permissions that would prevent that.


Sent from a remote device. Please excuse any typos...

Mike Segel

On Nov 22, 2012, at 2:41 AM, Alexander Alten-Lorenz <wg...@gmail.com> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
> 
> - Alex
> 
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I had been trying to set up a multi user environment for hive.
>> I have set up the hive metastore db in MySQL and hive works.
>> 
>> Consider this scenario:
>> 
>> user1 has created a database data1
>> user2 has created a database data2
>> 
>> Now user2 logs into hive and he is able to see and delete database data2
>> 
>> How do I prevent this?
>> 
>> Regards,
>> Austin
> 
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
> 
> 

Re: Multiuser setup on Hive

[Alexander Alten-Lorenz <wg...@gmail.com>]

You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
Here's a link:
http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html

- Alex

On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:

> Hi,
> 
> I had been trying to set up a multi user environment for hive.
> I have set up the hive metastore db in MySQL and hive works.
> 
> Consider this scenario:
> 
> user1 has created a database data1
> user2 has created a database data2
> 
> Now user2 logs into hive and he is able to see and delete database data2
> 
> How do I prevent this?
> 
> Regards,
> Austin

--
Alexander Alten-Lorenz
http://mapredit.blogspot.com
German Hadoop LinkedIn Group: http://goo.gl/N8pCF

Re: Multiuser setup on Hive

[Austin Chungath <au...@gmail.com>]

Typo, I meant "user2 logs into hive and he is able to see and delete
database data1"

On Thu, Nov 22, 2012 at 12:16 PM, Austin Chungath <au...@gmail.com>wrote:

> Hi,
>
> I had been trying to set up a multi user environment for hive.
> I have set up the hive metastore db in MySQL and hive works.
>
> Consider this scenario:
>
> user1 has created a database data1
> user2 has created a database data2
>
> Now user2 logs into hive and he is able to see and delete database data2
>
> How do I prevent this?
>
> Regards,
> Austin
>
>
>

Re: Multiuser setup on Hive

[Alexander Alten-Lorenz <wg...@gmail.com>]

You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
Here's a link:
http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html

- Alex

On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:

> Hi,
> 
> I had been trying to set up a multi user environment for hive.
> I have set up the hive metastore db in MySQL and hive works.
> 
> Consider this scenario:
> 
> user1 has created a database data1
> user2 has created a database data2
> 
> Now user2 logs into hive and he is able to see and delete database data2
> 
> How do I prevent this?
> 
> Regards,
> Austin

--
Alexander Alten-Lorenz
http://mapredit.blogspot.com
German Hadoop LinkedIn Group: http://goo.gl/N8pCF

Re: Multiuser setup on Hive

[Alexander Alten-Lorenz <wg...@gmail.com>]

You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
Here's a link:
http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html

- Alex

On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:

> Hi,
> 
> I had been trying to set up a multi user environment for hive.
> I have set up the hive metastore db in MySQL and hive works.
> 
> Consider this scenario:
> 
> user1 has created a database data1
> user2 has created a database data2
> 
> Now user2 logs into hive and he is able to see and delete database data2
> 
> How do I prevent this?
> 
> Regards,
> Austin

--
Alexander Alten-Lorenz
http://mapredit.blogspot.com
German Hadoop LinkedIn Group: http://goo.gl/N8pCF

Re: Multiuser setup on Hive

[Alexander Alten-Lorenz <wg...@gmail.com>]

You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
Here's a link:
http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html

- Alex

On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:

> Hi,
> 
> I had been trying to set up a multi user environment for hive.
> I have set up the hive metastore db in MySQL and hive works.
> 
> Consider this scenario:
> 
> user1 has created a database data1
> user2 has created a database data2
> 
> Now user2 logs into hive and he is able to see and delete database data2
> 
> How do I prevent this?
> 
> Regards,
> Austin

--
Alexander Alten-Lorenz
http://mapredit.blogspot.com
German Hadoop LinkedIn Group: http://goo.gl/N8pCF

Re: Multiuser setup on Hive

[Alexander Alten-Lorenz <wg...@gmail.com>]

You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
Here's a link:
http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html

- Alex

On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:

> Hi,
> 
> I had been trying to set up a multi user environment for hive.
> I have set up the hive metastore db in MySQL and hive works.
> 
> Consider this scenario:
> 
> user1 has created a database data1
> user2 has created a database data2
> 
> Now user2 logs into hive and he is able to see and delete database data2
> 
> How do I prevent this?
> 
> Regards,
> Austin

--
Alexander Alten-Lorenz
http://mapredit.blogspot.com
German Hadoop LinkedIn Group: http://goo.gl/N8pCF

Re: Multiuser setup on Hive

[Austin Chungath <au...@gmail.com>]

Thanks dean.

On Thu, Nov 22, 2012 at 7:44 PM, Dean Wampler <
dean.wampler@thinkbiganalytics.com> wrote:

> If you go the route of locking down permissions at the HDFS level, then it
> will help if everyone works in his or her own database, since all the
> tables will be rooted at a directory for each db.
>
> dean
>
>
> On Thu, Nov 22, 2012 at 2:26 AM, Austin Chungath <au...@gmail.com>wrote:
>
>> Shreepadam,
>> So what do you recommend for this? What are the current best practices
>> for deploying hive in a multi-user environment?
>>
>> Thanks,
>> Austin
>>
>>  On Thu, Nov 22, 2012 at 1:10 PM, Shreepadma Venugopalan <
>> shreepadma@cloudera.com> wrote:
>>
>>> Hi Austin,
>>>
>>> Hive authorization in its current form has a number of bugs and it is
>>> not recommended that you use it. We are planning to work on supporting
>>> authorization in a subsequent version of Hive.
>>>
>>> Thanks.
>>> Shreepadma
>>>
>>>
>>> On Wed, Nov 21, 2012 at 11:12 PM, Austin Chungath <au...@gmail.com>wrote:
>>>
>>>> Hi Bejoy,
>>>>
>>>> Thanks for the quick reply.
>>>> I had been reading through hive authorization
>>>> https://cwiki.apache.org/Hive/languagemanual-auth.html
>>>>
>>>> Is it any good. Can anyone explain what happens if I enable this?
>>>> Will I be able to prevent users from deleting other user's tables?
>>>>
>>>>
>>>> Regards,
>>>> Austin
>>>>
>>>>
>>>>
>>>> On Thu, Nov 22, 2012 at 12:20 PM, Bejoy KS <be...@yahoo.com> wrote:
>>>>
>>>>> **
>>>>> Hi Austin
>>>>>
>>>>> In hive currently you can have permissions only on the hdfs layer not
>>>>> on the metastore. The current hive metastore don't have multiuser
>>>>> permission support. Any user will be able to drop the metadata information
>>>>> now.
>>>>> Regards
>>>>> Bejoy KS
>>>>>
>>>>> Sent from handheld, please excuse typos.
>>>>> ------------------------------
>>>>> *From: * Austin Chungath <au...@gmail.com>
>>>>> *Date: *Thu, 22 Nov 2012 12:16:24 +0530
>>>>> *To: *<us...@hive.apache.org>; <us...@hadoop.apache.org>
>>>>> *ReplyTo: * user@hive.apache.org
>>>>> *Subject: *Multiuser setup on Hive
>>>>>
>>>>> Hi,
>>>>>
>>>>> I had been trying to set up a multi user environment for hive.
>>>>> I have set up the hive metastore db in MySQL and hive works.
>>>>>
>>>>> Consider this scenario:
>>>>>
>>>>> user1 has created a database data1
>>>>> user2 has created a database data2
>>>>>
>>>>> Now user2 logs into hive and he is able to see and delete database
>>>>> data2
>>>>>
>>>>> How do I prevent this?
>>>>>
>>>>> Regards,
>>>>> Austin
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>
>
> --
> *Dean Wampler, Ph.D.*
> thinkbiganalytics.com
> +1-312-339-1330
>
>
>

Re: Multiuser setup on Hive

[Dean Wampler <de...@thinkbiganalytics.com>]

If you go the route of locking down permissions at the HDFS level, then it
will help if everyone works in his or her own database, since all the
tables will be rooted at a directory for each db.

dean

On Thu, Nov 22, 2012 at 2:26 AM, Austin Chungath <au...@gmail.com> wrote:

> Shreepadam,
> So what do you recommend for this? What are the current best practices for
> deploying hive in a multi-user environment?
>
> Thanks,
> Austin
>
> On Thu, Nov 22, 2012 at 1:10 PM, Shreepadma Venugopalan <
> shreepadma@cloudera.com> wrote:
>
>> Hi Austin,
>>
>> Hive authorization in its current form has a number of bugs and it is not
>> recommended that you use it. We are planning to work on supporting
>> authorization in a subsequent version of Hive.
>>
>> Thanks.
>> Shreepadma
>>
>>
>> On Wed, Nov 21, 2012 at 11:12 PM, Austin Chungath <au...@gmail.com>wrote:
>>
>>> Hi Bejoy,
>>>
>>> Thanks for the quick reply.
>>> I had been reading through hive authorization
>>> https://cwiki.apache.org/Hive/languagemanual-auth.html
>>>
>>> Is it any good. Can anyone explain what happens if I enable this?
>>> Will I be able to prevent users from deleting other user's tables?
>>>
>>>
>>> Regards,
>>> Austin
>>>
>>>
>>>
>>> On Thu, Nov 22, 2012 at 12:20 PM, Bejoy KS <be...@yahoo.com> wrote:
>>>
>>>> **
>>>> Hi Austin
>>>>
>>>> In hive currently you can have permissions only on the hdfs layer not
>>>> on the metastore. The current hive metastore don't have multiuser
>>>> permission support. Any user will be able to drop the metadata information
>>>> now.
>>>> Regards
>>>> Bejoy KS
>>>>
>>>> Sent from handheld, please excuse typos.
>>>> ------------------------------
>>>> *From: * Austin Chungath <au...@gmail.com>
>>>> *Date: *Thu, 22 Nov 2012 12:16:24 +0530
>>>> *To: *<us...@hive.apache.org>; <us...@hadoop.apache.org>
>>>> *ReplyTo: * user@hive.apache.org
>>>> *Subject: *Multiuser setup on Hive
>>>>
>>>> Hi,
>>>>
>>>> I had been trying to set up a multi user environment for hive.
>>>> I have set up the hive metastore db in MySQL and hive works.
>>>>
>>>> Consider this scenario:
>>>>
>>>> user1 has created a database data1
>>>> user2 has created a database data2
>>>>
>>>> Now user2 logs into hive and he is able to see and delete database data2
>>>>
>>>> How do I prevent this?
>>>>
>>>> Regards,
>>>> Austin
>>>>
>>>>
>>>>
>>>
>>>
>>
>


-- 
*Dean Wampler, Ph.D.*
thinkbiganalytics.com
+1-312-339-1330

Re: Multiuser setup on Hive

[Austin Chungath <au...@gmail.com>]

Shreepadam,
So what do you recommend for this? What are the current best practices for
deploying hive in a multi-user environment?

Thanks,
Austin

On Thu, Nov 22, 2012 at 1:10 PM, Shreepadma Venugopalan <
shreepadma@cloudera.com> wrote:

> Hi Austin,
>
> Hive authorization in its current form has a number of bugs and it is not
> recommended that you use it. We are planning to work on supporting
> authorization in a subsequent version of Hive.
>
> Thanks.
> Shreepadma
>
>
> On Wed, Nov 21, 2012 at 11:12 PM, Austin Chungath <au...@gmail.com>wrote:
>
>> Hi Bejoy,
>>
>> Thanks for the quick reply.
>> I had been reading through hive authorization
>> https://cwiki.apache.org/Hive/languagemanual-auth.html
>>
>> Is it any good. Can anyone explain what happens if I enable this?
>> Will I be able to prevent users from deleting other user's tables?
>>
>>
>> Regards,
>> Austin
>>
>>
>>
>> On Thu, Nov 22, 2012 at 12:20 PM, Bejoy KS <be...@yahoo.com> wrote:
>>
>>> **
>>> Hi Austin
>>>
>>> In hive currently you can have permissions only on the hdfs layer not on
>>> the metastore. The current hive metastore don't have multiuser permission
>>> support. Any user will be able to drop the metadata information now.
>>> Regards
>>> Bejoy KS
>>>
>>> Sent from handheld, please excuse typos.
>>> ------------------------------
>>> *From: * Austin Chungath <au...@gmail.com>
>>> *Date: *Thu, 22 Nov 2012 12:16:24 +0530
>>> *To: *<us...@hive.apache.org>; <us...@hadoop.apache.org>
>>> *ReplyTo: * user@hive.apache.org
>>> *Subject: *Multiuser setup on Hive
>>>
>>> Hi,
>>>
>>> I had been trying to set up a multi user environment for hive.
>>> I have set up the hive metastore db in MySQL and hive works.
>>>
>>> Consider this scenario:
>>>
>>> user1 has created a database data1
>>> user2 has created a database data2
>>>
>>> Now user2 logs into hive and he is able to see and delete database data2
>>>
>>> How do I prevent this?
>>>
>>> Regards,
>>> Austin
>>>
>>>
>>>
>>
>>
>

Re: Multiuser setup on Hive

[Shreepadma Venugopalan <sh...@cloudera.com>]

Hi Austin,

Hive authorization in its current form has a number of bugs and it is not
recommended that you use it. We are planning to work on supporting
authorization in a subsequent version of Hive.

Thanks.
Shreepadma


On Wed, Nov 21, 2012 at 11:12 PM, Austin Chungath <au...@gmail.com>wrote:

> Hi Bejoy,
>
> Thanks for the quick reply.
> I had been reading through hive authorization
> https://cwiki.apache.org/Hive/languagemanual-auth.html
>
> Is it any good. Can anyone explain what happens if I enable this?
> Will I be able to prevent users from deleting other user's tables?
>
>
> Regards,
> Austin
>
>
>
> On Thu, Nov 22, 2012 at 12:20 PM, Bejoy KS <be...@yahoo.com> wrote:
>
>> **
>> Hi Austin
>>
>> In hive currently you can have permissions only on the hdfs layer not on
>> the metastore. The current hive metastore don't have multiuser permission
>> support. Any user will be able to drop the metadata information now.
>> Regards
>> Bejoy KS
>>
>> Sent from handheld, please excuse typos.
>> ------------------------------
>> *From: * Austin Chungath <au...@gmail.com>
>> *Date: *Thu, 22 Nov 2012 12:16:24 +0530
>> *To: *<us...@hive.apache.org>; <us...@hadoop.apache.org>
>> *ReplyTo: * user@hive.apache.org
>> *Subject: *Multiuser setup on Hive
>>
>> Hi,
>>
>> I had been trying to set up a multi user environment for hive.
>> I have set up the hive metastore db in MySQL and hive works.
>>
>> Consider this scenario:
>>
>> user1 has created a database data1
>> user2 has created a database data2
>>
>> Now user2 logs into hive and he is able to see and delete database data2
>>
>> How do I prevent this?
>>
>> Regards,
>> Austin
>>
>>
>>
>
>

Re: Multiuser setup on Hive

[Austin Chungath <au...@gmail.com>]

Hi Bejoy,

Thanks for the quick reply.
I had been reading through hive authorization
https://cwiki.apache.org/Hive/languagemanual-auth.html

Is it any good. Can anyone explain what happens if I enable this?
Will I be able to prevent users from deleting other user's tables?


Regards,
Austin



On Thu, Nov 22, 2012 at 12:20 PM, Bejoy KS <be...@yahoo.com> wrote:

> **
> Hi Austin
>
> In hive currently you can have permissions only on the hdfs layer not on
> the metastore. The current hive metastore don't have multiuser permission
> support. Any user will be able to drop the metadata information now.
> Regards
> Bejoy KS
>
> Sent from handheld, please excuse typos.
> ------------------------------
> *From: * Austin Chungath <au...@gmail.com>
> *Date: *Thu, 22 Nov 2012 12:16:24 +0530
> *To: *<us...@hive.apache.org>; <us...@hadoop.apache.org>
> *ReplyTo: * user@hive.apache.org
> *Subject: *Multiuser setup on Hive
>
> Hi,
>
> I had been trying to set up a multi user environment for hive.
> I have set up the hive metastore db in MySQL and hive works.
>
> Consider this scenario:
>
> user1 has created a database data1
> user2 has created a database data2
>
> Now user2 logs into hive and he is able to see and delete database data2
>
> How do I prevent this?
>
> Regards,
> Austin
>
>
>

Re: Multiuser setup on Hive

[Bejoy KS <be...@yahoo.com>]

Hi Austin

In hive currently you can have permissions only on the hdfs layer not on the metastore. The current hive metastore don't have multiuser permission support. Any user will be able to drop the metadata information now.

Regards
Bejoy KS

Sent from handheld, please excuse typos.

-----Original Message-----
From: Austin Chungath <au...@gmail.com>
Date: Thu, 22 Nov 2012 12:16:24 
To: <us...@hive.apache.org>; <us...@hadoop.apache.org>
Reply-To: user@hive.apache.org
Subject: Multiuser setup on Hive

Hi,

I had been trying to set up a multi user environment for hive.
I have set up the hive metastore db in MySQL and hive works.

Consider this scenario:

user1 has created a database data1
user2 has created a database data2

Now user2 logs into hive and he is able to see and delete database data2

How do I prevent this?

Regards,
Austin