# hive 权限笔记

+关注继续查看

## Configuration

### For Hive 0.13.x

Set the following in hive-site.xml:

• hive.server2.enable.doAs to false.

• hive.users.in.admin.role to the list of comma-separated users who need to be added to admin role. Note that a user who belongs to the admin role needs to run the "set role" command before getting the privileges of the admin role, as this role is not in current roles by default.

Start HiveServer2 with the following additional command-line options:

• -hiveconf hive.security.authorization.enabled=true

• -hiveconf hive.metastore.uris=' '

### For Hive 0.14 and Newer

Set the following in hive-site.xml:

• hive.server2.enable.doAs to false.

• hive.users.in.admin.role to the list of comma-separated users who need to be added to admin role. Note that a user who belongs to the admin role needs to run the "set role" command before getting the privileges of the admin role, as this role is not in current roles by default.

• Add org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly to hive.security.metastore.authorization.manager. (It takes a comma separated list, so you can add it along with StorageBasedAuthorization parameter, if you want to enable that as well).
This setting disallows any of the authorization api calls to be invoked in a remote metastore. HiveServer2 can be configured to use embedded metastore, and that will allow it to invoke metastore authorization api. Hive cli and any other remote metastore users would be denied authorization when they try to make authorization api calls. This restricts the authorization api to privileged HiveServer2 process. You should also ensure that the metastore rdbms access is restricted to the metastore server and hiverserver2.

• hive.security.authorization.manager to org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory. This will ensure that any table or views created by hive-cli have default privileges granted for the owner.

Set the following in hiveserver2-site.xml:

• -hiveconf hive.security.authorization.enabled=true

• -hiveconf hive.metastore.uris=' '

1、SET ROLE (role_name|ALL|NONE);

Mysql学习笔记（十三）权限管理

939 0

2526 0

1697 0
Effective C++ 笔记(1)：视C++为语言联邦

1441 0

12036 0
+关注
20382

0

《2021云上架构与运维峰会演讲合集》

《零基础CSS入门教程》

《零基础HTML入门教程》