hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yongqiang he <heyongqiang...@gmail.com>
Subject Re: Hive 0.7.1 authorization woes
Date Tue, 23 Aug 2011 17:27:27 GMT
Have you created the metastore mysql tables for authorization? Can u
do a show grant?

thanks
yongqiang
On Tue, Aug 16, 2011 at 2:55 PM, Alex Holmes <grep.alex@gmail.com> wrote:
> Hi all,
>
> I've been struggling with getting Hive authorization to work for a few
> hours, and I really hope someone can help me.  I installed Hive 0.7.1
> on top of Hadoop 0.20.203.  I'm using mysql for the metastore, and
> configured Hive to enable authorization:
>
> <property>
>  <name>hive.security.authorization.enabled</name>
>  <value>true</value>
>  <description>enable or disable the hive client authorization</description>
> </property>
>
> I kept all the other Hive security configs with their default settings.
>
> I'm running in pseudo-distributed mode on a single node.  HDFS, the Hive
> metastore and the Hive CLI are all running as the same user (the HDFS
> superuser).  Here are the sequence of steps that are causing me issues.
> Without authorization everything works perfectly (creating, loading, selecting).
> I've also tried creating and loading the table without authorization, granting
> the select privilege at various levels (global, table, database), turning on
> auth and performing the select, resulting in the same exception.
>
> Any help with this would be greatly appreciated!
>
> Thanks,
> Alex
>
> --
>
> [hduser@aholmes-desktop ~]$ hive
> Hive history file=/tmp/hduser/hive_job_log_hduser_201108162158_1976573160.txt
> hive> set hive.security.authorization.enabled=false;
> hive> grant all to user hduser;
> OK
> Time taken: 0.233 seconds
> hive> set hive.security.authorization.enabled=true;
> hive> CREATE TABLE pokes3 (foo INT, bar STRING);
> FAILED: Hive Internal Error:
> org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException:
> get_privilege_set failed: unknown result)
> org.apache.hadoop.hive.ql.metadata.HiveException:
> org.apache.thrift.TApplicationException: get_privilege_set failed:
> unknown result
>        at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617)
>        at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201)
>        at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226)
>        at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:89)
>        at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:433)
>        at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:393)
>        at org.apache.hadoop.hive.ql.Driver.run(Driver.java:736)
>        at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:164)
>        at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:241)
>        at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:456)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at org.apache.hadoop.util.RunJar.main(RunJar.java:156)
> Caused by: org.apache.thrift.TApplicationException: get_privilege_set
> failed: unknown result
>        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_privilege_set(ThriftHiveMetastore.java:2414)
>        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_privilege_set(ThriftHiveMetastore.java:2379)
>        at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.get_privilege_set(HiveMetaStoreClient.java:1042)
>        at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1615)
>        ... 14 more
>

Mime
View raw message