You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@hadoop.apache.org by Alexander Alten-Lorenz <wg...@gmail.com> on 2012/11/22 09:41:07 UTC

Re: Multiuser setup on Hive

You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
Here's a link:
http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html

- Alex

On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:

> Hi,
> 
> I had been trying to set up a multi user environment for hive.
> I have set up the hive metastore db in MySQL and hive works.
> 
> Consider this scenario:
> 
> user1 has created a database data1
> user2 has created a database data2
> 
> Now user2 logs into hive and he is able to see and delete database data2
> 
> How do I prevent this?
> 
> Regards,
> Austin

--
Alexander Alten-Lorenz
http://mapredit.blogspot.com
German Hadoop LinkedIn Group: http://goo.gl/N8pCF

Re: Multiuser setup on Hive

Posted by Michel Segel <mi...@hotmail.com>.

User 2 has the permission to delete database2 because he created it.
Did the OP mean that user1 can delete it?  If so there are permissions that would prevent that.


Sent from a remote device. Please excuse any typos...

Mike Segel

On Nov 22, 2012, at 2:41 AM, Alexander Alten-Lorenz <wg...@gmail.com> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
> 
> - Alex
> 
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I had been trying to set up a multi user environment for hive.
>> I have set up the hive metastore db in MySQL and hive works.
>> 
>> Consider this scenario:
>> 
>> user1 has created a database data1
>> user2 has created a database data2
>> 
>> Now user2 logs into hive and he is able to see and delete database data2
>> 
>> How do I prevent this?
>> 
>> Regards,
>> Austin
> 
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
> 
>

Re: Multiuser setup on Hive

Posted by Alexander Alten-Lorenz <wg...@gmail.com>.

That means a separate metastore per User / different port. Please have in mind, anyone should maintain this. On top, the user has to choose the right JDBC connection. I have my doubt on such a installation ;)

cheers,
 Alex

On Nov 22, 2012, at 10:48 AM, Austin Chungath <au...@gmail.com> wrote:

> Thanks Alex,
> But unfortunately I don't have kerberos implementation right now to try it
> out.
> I was wondering if we can create multiple metastore dbs in mysql and then
> for each user group make separate hive-site.xml which has the username and
> jdbc connection details. Do I make any sense? is something in these lines
> possible?
> 
> Regards,
> Austin
> 
> 
> On Thu, Nov 22, 2012 at 2:11 PM, Alexander Alten-Lorenz <wget.null@gmail.com
>> wrote:
> 
>> You could use SASL / kerberos implementation within HiveServer2. Depends
>> on a kerberosized cluster, too. Hive's metastore server provides the same
>> mechanism, but isn't fully multi connect ready.
>> Here's a link:
>> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
>> 
>> - Alex
>> 
>> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
>> 
>>> Hi,
>>> 
>>> I had been trying to set up a multi user environment for hive.
>>> I have set up the hive metastore db in MySQL and hive works.
>>> 
>>> Consider this scenario:
>>> 
>>> user1 has created a database data1
>>> user2 has created a database data2
>>> 
>>> Now user2 logs into hive and he is able to see and delete database data2
>>> 
>>> How do I prevent this?
>>> 
>>> Regards,
>>> Austin
>> 
>> --
>> Alexander Alten-Lorenz
>> http://mapredit.blogspot.com
>> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
>> 
>> 

--
Alexander Alten-Lorenz
http://mapredit.blogspot.com
German Hadoop LinkedIn Group: http://goo.gl/N8pCF

Re: Multiuser setup on Hive

Posted by Austin Chungath <au...@gmail.com>.

Thanks Alex,
But unfortunately I don't have kerberos implementation right now to try it
out.
I was wondering if we can create multiple metastore dbs in mysql and then
for each user group make separate hive-site.xml which has the username and
jdbc connection details. Do I make any sense? is something in these lines
possible?

Regards,
Austin


On Thu, Nov 22, 2012 at 2:11 PM, Alexander Alten-Lorenz <wget.null@gmail.com
> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends
> on a kerberosized cluster, too. Hive's metastore server provides the same
> mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
>
> - Alex
>
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
>
> > Hi,
> >
> > I had been trying to set up a multi user environment for hive.
> > I have set up the hive metastore db in MySQL and hive works.
> >
> > Consider this scenario:
> >
> > user1 has created a database data1
> > user2 has created a database data2
> >
> > Now user2 logs into hive and he is able to see and delete database data2
> >
> > How do I prevent this?
> >
> > Regards,
> > Austin
>
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
>
>

Re: Multiuser setup on Hive

Posted by Michel Segel <mi...@hotmail.com>.

User 2 has the permission to delete database2 because he created it.
Did the OP mean that user1 can delete it?  If so there are permissions that would prevent that.


Sent from a remote device. Please excuse any typos...

Mike Segel

On Nov 22, 2012, at 2:41 AM, Alexander Alten-Lorenz <wg...@gmail.com> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
> 
> - Alex
> 
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I had been trying to set up a multi user environment for hive.
>> I have set up the hive metastore db in MySQL and hive works.
>> 
>> Consider this scenario:
>> 
>> user1 has created a database data1
>> user2 has created a database data2
>> 
>> Now user2 logs into hive and he is able to see and delete database data2
>> 
>> How do I prevent this?
>> 
>> Regards,
>> Austin
> 
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
> 
>

Re: Multiuser setup on Hive

Posted by Michel Segel <mi...@hotmail.com>.

User 2 has the permission to delete database2 because he created it.
Did the OP mean that user1 can delete it?  If so there are permissions that would prevent that.


Sent from a remote device. Please excuse any typos...

Mike Segel

On Nov 22, 2012, at 2:41 AM, Alexander Alten-Lorenz <wg...@gmail.com> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
> 
> - Alex
> 
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I had been trying to set up a multi user environment for hive.
>> I have set up the hive metastore db in MySQL and hive works.
>> 
>> Consider this scenario:
>> 
>> user1 has created a database data1
>> user2 has created a database data2
>> 
>> Now user2 logs into hive and he is able to see and delete database data2
>> 
>> How do I prevent this?
>> 
>> Regards,
>> Austin
> 
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
> 
>

Re: Multiuser setup on Hive

Posted by Michel Segel <mi...@hotmail.com>.

User 2 has the permission to delete database2 because he created it.
Did the OP mean that user1 can delete it?  If so there are permissions that would prevent that.


Sent from a remote device. Please excuse any typos...

Mike Segel

On Nov 22, 2012, at 2:41 AM, Alexander Alten-Lorenz <wg...@gmail.com> wrote:

> You could use SASL / kerberos implementation within HiveServer2. Depends on a kerberosized cluster, too. Hive's metastore server provides the same mechanism, but isn't fully multi connect ready.
> Here's a link:
> http://ben-tech.blogspot.de/2012/10/hive-server-2-in-cdh41.html
> 
> - Alex
> 
> On Nov 22, 2012, at 7:46 AM, Austin Chungath <au...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I had been trying to set up a multi user environment for hive.
>> I have set up the hive metastore db in MySQL and hive works.
>> 
>> Consider this scenario:
>> 
>> user1 has created a database data1
>> user2 has created a database data2
>> 
>> Now user2 logs into hive and he is able to see and delete database data2
>> 
>> How do I prevent this?
>> 
>> Regards,
>> Austin
> 
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
> 
>