hive-user mailing list archives

From Namas Amitabha <hyacinth...@hotmail.com>
Subject hive authorization problem
Date Thu, 22 Jun 2017 06:36:41 GMT

Hi all,

I ran into a problem with Hive Default Authorization - Legacy Mode<https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode>.
I tried to enable authorization on hiveserver2, and this is my hive-site.xml in the hiveserver2
conf:
<property>
  <name>hive.security.authorization.enabled</name>
  <value>true</value>
</property>
<property>
  <name>hive.security.authorization.createtable.owner.grants</name>
  <value>ALL</value>
</property>
<property>
  <name>hive.semantic.analyzer.hook</name>
  <value>com.hive.auth.AuthHook</value>
  <description>just for super administrator</description>
</property>
<property>
  <name>hive.security.authorization.task.factory</name>
  <value>org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl</value>
</property>

The problem I met is that when I create a view of a table and grant the select privilege on
the view to somebody,
Hive checks the view privilege first, and after that, Hive checks the table privilege
again. Like this:
create view v_dual as select * from dual;
grant select on v_dual to user test;
And when user test tries to execute this SQL: select * from v_dual, Hive throws an error:
"Error: Error while compiling statement: No privilege 'Select' found for inputs { database:default,
table:dual, columnName:foo} (state=42000,code=403)"
But the Hive wiki says that the default authorization model in Hive can be used to provide
fine grained access control by creating views and granting access to views instead of the
underlying tables.
So I'm confused about why this is not working for me as the wiki describes.
