Unfortunately, the roles in Hive are advisory only. Effectively everyone is
an admin who can grant anyone (including themselves) additional permissions.
If you need security, the best option is to protect the HDFS directories
that the data is stored in. Set the HDFS owner, group, and permissions so
that the users have read/write permission as desired. Don't forget to set
things at both the database directory and table directory levels.
Then you need to configure hive.security.metastore.authorization.manager
which uses HDFS permissions to control access to databases and tables.
By setting it up this way, the HDFS permissions will be enforced by the
NameNode and keep each group from reading each others data. The metastore
will use the same HDFS permissions to prevent access to the other groups
Of course, all of this assumes you have Kerberos turned on for your Hadoop
cluster. It also requires a minimum of Hive 0.10.
Hope it helps,
On Fri, May 10, 2013 at 1:19 AM, Austin Chungath <[EMAIL PROTECTED]> wrote:
> Hi all,
> This seems silly but I couldn't get any reliable information even after a
> few minutes of googling.
> If I am creating user roles and groups in hive, which user should I be
> doing it with?
> Is there some configuration in hive-site.xml which sets a user as hive
> Right now I see that any user can create user roles and groups or am I
> missing something?
> I am using the following link as reference