As the use of hive is increased by various departments of the company, permission Control for hive is a task that must be carried out. To address this issue, I recently checked the hive source code and completed the preliminary design and implementation to basically meet the current permission control objectives. Objective 1. Use public modules or public configuration files for user permission management. 2. Each
As the use of hive is increased by various departments of the company, permission Control for hive is a task that must be carried out. To address this issue, I recently checked the hive source code and completed the preliminary design and implementation to basically meet the current permission control objectives. Objective 1. Use public modules or public configuration files for user permission management. 2. Each
As the use of hive is increased by various departments of the company, permission Control for hive is a task that must be carried out. To address this issue, I recently checked the hive source code and completed the preliminary design and implementation to basically meet the current permission control objectives.
Target
1. Use public modules or public configuration files for user permission management. 2. Each department uses different accounts to query Hadoop cluster data. 3. all user accounts that query Hadoop cluster data must be verified by the permission management module. Prompt information should be provided for unauthorized operations. 4. The accounts used by the personnel of the Department can only query data belonging to the department according to their responsibilities. 5. Only special accounts can query sensitive information. 6. For each operation, Operation logs (time, user name, and operation table) must be recorded, and logs must be backed up regularly.
Create the following tasks for the above objectives:
1. added the permission control function for hiveserver. 2. Add the user permission configuration module for hivelib. 3. added the user configuration function for hiveclient. 4. Expand the hive configuration file and add four Reserved configurations. 5. A web project that provides permission Control for permission configuration.
Control content
1. the maximum number of partitions used by the user for the same task. Controls the number of map tasks. 2. the maximum number of reduce tasks for the same task. 3. databases available to users. 4. tables that users can use. (If the database corresponding to the table has been configured for this user, you do not need to configure it separately ). 5. Special columns that the user is not allowed to access. 6. columns that users must use when using a table. (No Use Cases Currently) 7. Partition restrictions on user channels.
Scope of this modification
1. hiveserver modify hive-exec-0.8.1.jar, hive-common-0.8.1.jar, mainly used to add permission control, and add configuration item 2. hivelib (the company uses the python class library to access hive through thrift and extract data) to modify hiveclient. and add the conf configuration. 3. Modify hiveclient to add configuration items for the conf/hive-site.xml. 4. Use django to assign web permissions to projects. (Rapid Development)
The next chapter describes how to complete the preceding steps.
Original article address: Custom Hive permission Control (1) design goal. Thank you for sharing it with me.