Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hive, mail # user - hive permissions issue on a database


Copy link to this message
-
Re: hive permissions issue on a database
Bejoy KS 2012-10-02, 03:01
Hi Rahul

Hive currently have this limitation. You can have permissions on hdfs but not on the metastore. So as a result any user can drop any table in hive. I have seen such discussions popping up before as well since it a genuine requirement  you can expect permissions on metastore level in future versions of hive.
  
Regards
Bejoy KS

Sent from handheld, please excuse typos.

-----Original Message-----
From: Rahul Sarma <[EMAIL PROTECTED]>
Date: Mon, 1 Oct 2012 11:50:19
To: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: hive permissions issue on a database

I have a Hadoop cluster running CDH4 version. I am having issues giving
privileges to users on hive. My requirement is for each linux user I need
to create a database on hive and give access to only that user(or group).
So other users should not be able to see those tables or do anything with
them. I already have separate folders in HDFS for each user with selective
permissions. Here is what I have done:

   -

   My Hive is connected to oracle 11g as its metastore. The tables are all
   created.
   -

   Modify /etc/hive/conf/hive-site.xml and make set
   "hive.security.authorization.enabled" = true. Also
   "hive.security.authorization.createtable.owner.grants" = All.
   -

   Created Linux users demo1 & demo2 with same group name i.e. demo1 &
   demo2 Logged in hive prompt as root, and created 2 databases demo1db &
   demo2db.
   -

   Created 2 roles, demo1_role & demo2_role Assigned the groups to the role
   i.e. demo1 group belongs to demo1_role & demo2 group belongs to demo2_role.
   -

   Grant "All" to demo1db to demo1_role and demo2db to demo2_role
   -

   Login as demo1 and get into the hive prompt. Create table demo1db.table1.
   -

   Login as demo2 and get into hive prompt. Drop table demo1db.table1. *And
   it allows to drop !!!!.*Though it cannot delete the associated data in
   HDFS as demo2 does not have access to the folder that demo1 controls. The
   table is dropped from metastore. The same happens when I create table with
   demo2 user and demo1 is able to drop it.

What have I done wrong? Also I noticed that when I do "show tables;" under
demo1, it does not show anything?

Any suggestions?

Regards,
Rahul Sarma