hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "david1990111@163.com" <david1990...@163.com>
Subject Re: Re: config hive authorization (hive with kerberos and remote metastore)
Date Thu, 14 Nov 2013 06:22:17 GMT
Whatever I authorize to user hadoop, I cannot do 'select ' even I change the database or use
beeline.

Can anyone config hive authorization successfully with remote metastore ?

From: Mikhail Antonov
Date: 2013-11-14 13:57
To: user
Subject: Re: config hive authorization (hive with kerberos and remote metastore)
Did you try connecting from beeline console?

Also, that happens on the default database, what happens if you try to
create a new database?

-Mikhail

2013/11/13, david1990111@163.com <david1990111@163.com>:
> Hive is configured with remote metastore and kerberos ,and it works fine .
>
> But now ,I want to config hive authorization ,and I modify hive-site.xml
> like this:
> <property>
> <name>hive.security.authorization.enabled</name>
> <value>true</value>
> <description>enable or disable the hive client authorization</description>
> </property>
> <property>
> <name>hive.security.authorization.createtable.owner.grants</name>
> <value>ALL</value>
> <description>the privileges automatically granted to the owner whenever a
> table gets created.
> An example like "select,drop" will grant select and drop privilege to the
> owner of the table</description>
> </property>
>
> Then I restart service hive-server2 and hive-metastore , and I input 'hive'
> in the console:
> Firstly , show tables; --> it works normal.
> Secondly, select * from tableName ; --> It shows : Authorization failed:No
> privilege 'Select' found for inputs { database:default, table:tableName,
> columnName:..............}. Use show grant to get more details.
> Thirdly , set system:user.name; --> It shows : system:user.name=hadoop
> Fourthly , GRANT ALL ON DATABASE default TO USER hadoop; --> It shows : ok.
> Finally , select * from tableName; --> It shows : Authorization failed:No
> privilege 'Select' found for inputs { database:default, table:tableName,
> columnName:..............}. Use show grant to get more details.
> Why ? Why there is no use ? I think maybe it is because of the remote hive
> metastore. Do I need make any other configuration about hive?


-- 
Thanks,
Michael Antonov
Mime
View raw message