hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "david1990111@163.com" <david1990...@163.com>
Subject config hive authorization (hive with kerberos and remote metastore)
Date Thu, 14 Nov 2013 05:53:37 GMT
Hive is configured with remote metastore and kerberos ,and it works fine .

But now ,I want to config hive authorization ,and I modify hive-site.xml like this:
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
<description>enable or disable the hive client authorization</description>
</property>
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
<value>ALL</value>
<description>the privileges automatically granted to the owner whenever a table gets
created. 
An example like "select,drop" will grant select and drop privilege to the owner of the table</description>
</property>

Then I restart service hive-server2 and hive-metastore , and I input 'hive' in the console:
Firstly , show tables; --> it works normal.
Secondly, select * from tableName ; --> It shows : Authorization failed:No privilege 'Select'
found for inputs { database:default, table:tableName, columnName:..............}. Use show
grant to get more details. 
Thirdly , set system:user.name; --> It shows : system:user.name=hadoop 
Fourthly , GRANT ALL ON DATABASE default TO USER hadoop; --> It shows : ok.
Finally , select * from tableName; --> It shows : Authorization failed:No privilege 'Select'
found for inputs { database:default, table:tableName, columnName:..............}. Use show
grant to get more details. 
Why ? Why there is no use ? I think maybe it is because of the remote hive metastore. Do I
need make any other configuration about hive?
Mime
View raw message