hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Zende <peter.ze...@gmail.com>
Subject Hive 0.14 authorization settings for JDBC
Date Sat, 14 Feb 2015 22:31:50 GMT
Hi,

Using the HDP 2.2 sandbox image I want to access Hive through JDBC.
According to the documentations I tried to set the SQL Standard-Based +
storage based authorization on the metastore server as suggested in the
docs.
I set the following Hive properties with Ambari:

hive.metastore.pre.event.listeners
org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener

hive.security.metastore.authorization.manager
org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider,org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly

hive.security.metastore.authenticator.manager
org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator

hive.security.metastore.authorization.auth.reads
true

hive.server2.enable.doAs
false

hive.users.in.admin.role
-> add myuser

hive.security.authorization.manager
org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory

hive.security.authorization.enabled
true

hive.security.authenticator.manager
org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator

hive.metastore.uris
thrift://sandbox.hortonworks.com:9083
( Ambari does’t allow to leave this property empty or set ‘ ‘ or ” “)

The connection from the Hive CLI works fine, however, whenever I try to
create a table in a database through JDBC, I get the following exception,
e.g from beeline:

0: jdbc:hive2://192.168.56.102:10000/mydb_> create table x (a int);

Caused by: java.lang.RuntimeException:
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException:Permission
denied: user [myuser] does not have [CREATE] privilege on [mydb/x]

Granting access to myuser doesn't help.

The corresponding directory permission on the HDFS are:
drwxr-xr-x – myuser hdfs

Myuser is also a member of the hdfs linux group.

What do I wrong? I can’t figure it out…


Many thanks,

peter

Mime
View raw message