Posted to user@hive.apache.org by "david1990111@163.com" <da...@163.com> on 2013/11/14 06:53:37 UTC

config hive authorization (hive with kerberos and remote metastore)

Hive is configured with a remote metastore and Kerberos, and it works fine.

But now I want to configure Hive authorization, and I modified hive-site.xml like this:
<property>
  <name>hive.security.authorization.enabled</name>
  <value>true</value>
  <description>enable or disable the hive client authorization</description>
</property>
<property>
  <name>hive.security.authorization.createtable.owner.grants</name>
  <value>ALL</value>
  <description>the privileges automatically granted to the owner whenever a table gets created.
  An example like "select,drop" will grant select and drop privilege to the owner of the table</description>
</property>

Then I restarted the hive-server2 and hive-metastore services, and entered 'hive' in the console:
First, show tables; --> it works normally.
Second, select * from tableName; --> It shows: Authorization failed:No privilege 'Select' found for inputs { database:default, table:tableName, columnName:..............}. Use show grant to get more details.
Third, set system:user.name; --> It shows: system:user.name=hadoop
Fourth, GRANT ALL ON DATABASE default TO USER hadoop; --> It shows: ok.
Finally, select * from tableName; --> It shows: Authorization failed:No privilege 'Select' found for inputs { database:default, table:tableName, columnName:..............}. Use show grant to get more details.
Why? Why does the grant have no effect? I think maybe it is because of the remote Hive metastore. Do I need to make any other configuration changes for Hive?

Re: Re: config hive authorization (hive with kerberos and remote metastore)

Posted by "david1990111@163.com" <da...@163.com>.
Whatever I authorize for user hadoop, I cannot do 'select', even if I change the database or use beeline.

Can anyone configure Hive authorization successfully with a remote metastore?

From: Mikhail Antonov
Date: 2013-11-14 13:57
To: user
Subject: Re: config hive authorization (hive with kerberos and remote metastore)
Did you try connecting from beeline console?

Also, that happens on the default database, what happens if you try to
create a new database?

-Mikhail

2013/11/13, david1990111@163.com <da...@163.com>:
> Hive is configured with a remote metastore and Kerberos, and it works fine.
>
> But now I want to configure Hive authorization, and I modified hive-site.xml
> like this:
> <property>
> <name>hive.security.authorization.enabled</name>
> <value>true</value>
> <description>enable or disable the hive client authorization</description>
> </property>
> <property>
> <name>hive.security.authorization.createtable.owner.grants</name>
> <value>ALL</value>
> <description>the privileges automatically granted to the owner whenever a
> table gets created.
> An example like "select,drop" will grant select and drop privilege to the
> owner of the table</description>
> </property>
>
> Then I restarted the hive-server2 and hive-metastore services, and entered
> 'hive' in the console:
> First, show tables; --> it works normally.
> Second, select * from tableName; --> It shows: Authorization failed:No
> privilege 'Select' found for inputs { database:default, table:tableName,
> columnName:..............}. Use show grant to get more details.
> Third, set system:user.name; --> It shows: system:user.name=hadoop
> Fourth, GRANT ALL ON DATABASE default TO USER hadoop; --> It shows: ok.
> Finally, select * from tableName; --> It shows: Authorization failed:No
> privilege 'Select' found for inputs { database:default, table:tableName,
> columnName:..............}. Use show grant to get more details.
> Why? Why does the grant have no effect? I think maybe it is because of the
> remote Hive metastore. Do I need to make any other configuration changes
> for Hive?


-- 
Thanks,
Michael Antonov

Re: config hive authorization (hive with kerberos and remote metastore)

Posted by Mikhail Antonov <ol...@gmail.com>.
Did you try connecting from beeline console?

Also, that happens on the default database, what happens if you try to
create a new database?

-Mikhail

2013/11/13, david1990111@163.com <da...@163.com>:
> Hive is configured with a remote metastore and Kerberos, and it works fine.
>
> But now I want to configure Hive authorization, and I modified hive-site.xml
> like this:
> <property>
> <name>hive.security.authorization.enabled</name>
> <value>true</value>
> <description>enable or disable the hive client authorization</description>
> </property>
> <property>
> <name>hive.security.authorization.createtable.owner.grants</name>
> <value>ALL</value>
> <description>the privileges automatically granted to the owner whenever a
> table gets created.
> An example like "select,drop" will grant select and drop privilege to the
> owner of the table</description>
> </property>
>
> Then I restarted the hive-server2 and hive-metastore services, and entered
> 'hive' in the console:
> First, show tables; --> it works normally.
> Second, select * from tableName; --> It shows: Authorization failed:No
> privilege 'Select' found for inputs { database:default, table:tableName,
> columnName:..............}. Use show grant to get more details.
> Third, set system:user.name; --> It shows: system:user.name=hadoop
> Fourth, GRANT ALL ON DATABASE default TO USER hadoop; --> It shows: ok.
> Finally, select * from tableName; --> It shows: Authorization failed:No
> privilege 'Select' found for inputs { database:default, table:tableName,
> columnName:..............}. Use show grant to get more details.
> Why? Why does the grant have no effect? I think maybe it is because of the
> remote Hive metastore. Do I need to make any other configuration changes
> for Hive?


-- 
Thanks,
Michael Antonov