Reprinted from: http://www.cnblogs.com/zfyouxi/p/5341387.html
First, enabling authorization
Hive now supports simple permission management, but it is off by default: every user has the same privileges and is effectively a super administrator with the right to view and modify all tables in Hive, which does not meet the security requirements of a typical data warehouse. Hive can manage permissions based on metadata or based on file-storage-level permissions; this article covers metadata-based permission management. Use the following configuration to turn on Hive authorization so that permission checks are performed:
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
<description>enable or disable the hive client authorization</description>
</property>
Once authorization is enabled, every user must be granted privileges with grant before operating on an entity.
The following configuration controls which privileges the creator of a table receives on it:
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
<value>ALL</value>
<description>the privileges automatically granted to the owner whenever a table gets created.
An example like "Select,drop" would grant select and drop privilege to the owner of the table</description>
</property>
The default is null; setting it to ALL, as here, is also reasonable and means the creator has full privileges on the tables it creates. At the same time, privileges can be assigned to a role at table-creation time through this configuration:
<property>
<name>hive.security.authorization.createtable.role.grants</name>
<value>admin_role:ALL</value>
</property>
Of course, privileges can also be granted to a user or group at creation time.
At the Hive command line, the current Hive user name, which is the logged-in OS user, can be viewed with set system:user.name;
With authorization enabled, create a table at the command line:
hive> create table auth_test (key int, value string);
Authorization failed:No privilege 'Create' found for outputs { database:default}. Use show grant to get more details.
Creation fails at this point: by default the user has no privilege to create tables. Run:
hive> grant create on database default to user test;
Creating the table again now succeeds. Detailed information about the table, including its owner, can be viewed with desc extended auth_test;
By default other users have no privilege to read any column of auth_test either. Log on to the OS as another user and run in hive:
hive> select key from auth_test;
The following error occurs:
Authorization failed:No privilege 'Select' found for inputs { database:default, table:auth_test, columnName:key}. Use show grant to get more details.
Run:
grant select(key) on table auth_test to user test1;
After that, the query succeeds.
Grant/revoke syntax:
grant/revoke priv_type[(column_list)] on object_type object to/from principal_type principal_name
View grants:
show grant user user_name on table table_name;
Third, roles:
In addition, Hive supports role-based authorization. A role is a set of privileges that can be granted to multiple users: every user who holds the role has the privileges attached to it, so user privileges can be controlled indirectly by managing the role's privileges. In a large multi-user system, roles are therefore clearly more convenient for permission management.
Create/drop roles:
create/drop role role_name
Role assignment/recall:
grant role role_name to user user_name
revoke role role_name from user user_name
Role authorization:
grant/revoke priv_type[(col_list)] on object_type object to/from role role_name
View role definition:
show role grant role role_name
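The grant/revoke and role statements above, walked through end to end as an added HiveQL example (not from the original post); the table, role and user names (auth_test, etl_role, alice, bob) are constructed, and the session is assumed to already hold the Create privilege on database default.

```sql
-- Added example: legacy (metadata-based) Hive authorization workflow.
-- Normally this setting lives in hive-site.xml; it is set here only so the
-- script is self-contained.
SET hive.security.authorization.enabled=true;

-- The creator receives hive.security.authorization.createtable.owner.grants
-- (ALL in the configuration shown above) on the new table.
CREATE TABLE auth_test (key INT, value STRING);

-- Role-based grants: attach the privilege to the role once...
CREATE ROLE etl_role;
GRANT SELECT ON TABLE auth_test TO ROLE etl_role;

-- ...and users inherit it through membership.
GRANT ROLE etl_role TO USER alice;

-- Column-level grant directly to a user, as in the walkthrough above.
GRANT SELECT(key) ON TABLE auth_test TO USER bob;

-- Verify what was actually granted before relying on it.
SHOW GRANT USER alice ON TABLE auth_test;
SHOW GRANT USER bob ON TABLE auth_test;
SHOW ROLE GRANT USER alice;

-- Least privilege in practice: revoking from the role removes the right from
-- every member at once; then drop the membership and the role itself.
REVOKE SELECT ON TABLE auth_test FROM ROLE etl_role;
REVOKE ROLE etl_role FROM USER alice;
DROP ROLE etl_role;
```

In this legacy mode the check runs in the Hive client, so a user who can change session settings (or read the warehouse files directly) is not stopped by it; it guards against mistakes rather than hostile users, which is why SQL standards-based authorization or an external authorizer is used where that matters.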
Fourth, authorization metadata:
Log in to the Hive metastore database and you will find the following tables:
DB_PRIVS: records the privileges of users/roles on databases
TBL_PRIVS: records the privileges of users/roles on tables
TBL_COL_PRIVS: records the privileges of users/roles on table columns
ROLES: records all created roles
ROLE_MAP: records the mapping between users and roles