hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Nastetsky <>
Subject external tables and database authorization
Date Thu, 13 Mar 2014 00:34:44 GMT
My use case requires different groups of users to have access to different
databases and to be able to create only external tables for those
databases. The default database must not be usable at all.

I am using storage based authorization on Hive

I have set the default database directory to permissions 000, which
completely disables it.

For all other databases, I have set them to permissions 220, since for some
reason Hive requires a database directory to have "write" permission even
when creating external tables in another location. Users who belong to the
group that owns a specific database are able to create external tables in
that database (because they have "write" permission). If they actually
tried to create an internal table for the database, it would fail because
it requires "execute" permission in addition to "write" permission.

All of this works to satisfy my needs, so why am I writing this email?

My concern is that I've discovered Hive's requirement for the database
directory to have "write" permission on the database directory completely
accidentally and have not found any documentation about this. This makes me
think that it's a bug and might be fixed in a future version of Hive. If
that happens, my set up above would no longer work.

My questions are the following:
1) Is the requirement for the "write" permission the database when creating
external tables, a feature or a bug?
a) If it's a feature, can it be documented somewhere?
b) If it's a bug that will be fixed, how will authorization work on
databases for external tables, if there are no longer any requirements for
the permission on the database?

Thanks in advance,

View raw message