Ojo

Reputation: 53

Hive Create Permissions w/ Security Enabled

I've set up Kerberos as the security model for Hive, but I'm struggling to get the permissions right. Right now a user can create and drop a database fine, but can't create a table:

hive> show databases;
OK
cpenney
default
Time taken: 0.051 seconds, Fetched: 2 row(s)
hive> drop database cpenney;
OK
Time taken: 0.098 seconds
hive> create database cpenney;
OK
Time taken: 0.062 seconds
hive> create table test ( hostgroup STRING );
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details.
hive> show grant user cpenney on database cpenney;
OK
Time taken: 0.016 seconds
hive> grant all on database cpenney to user cpenney;
OK
Time taken: 0.022 seconds
hive> show grant user cpenney on database cpenney;
OK

database        cpenney
principalName   cpenney
principalType   USER
privilege       All
grantTime       Thu Sep 05 11:07:59 EDT 2013
grantor [email protected]
Time taken: 0.02 seconds, Fetched: 7 row(s)
hive> create table test ( hostgroup STRING );
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details.

I'm using the following settings (some pruned from this paste):

<property>
  <name>hive.security.authorization.enabled</name>
  <value>true</value>
</property>

<property>
  <name>hive.security.authorization.createtable.owner.grants</name>
  <value>ALL</value>
</property>

<property>
  <name>hive.security.metastore.authorization.enabled</name>
  <value>true</value>
</property>

<property>
  <name>hive.metastore.authorization.storage.checks</name>
  <value>true</value>
</property>

<property>
  <name>hive.security.metastore.authorization.manager</name>
  <value>org.apache.hadoop.hive.ql.security.authorization.DefaultHiveMetastoreAuthorizationProvider</value>
</property>

<property>
  <name>hive.security.metastore.authenticator.manager</name>
  <value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value>
</property>

It doesn't seem like the hive.security.authorization.createtable.owner.grants option is doing anything. When I look in /user/hive/warehouse the file is owned by the same user so that seems right.

I'm using Hadoop 1.1.1 and Hive 0.11.

Thanks!

Upvotes: 1

Views: 15665

Answers (1)

Sourabh Potnis

Reputation: 1471

Set hive.security.authorization.enabled to FALSE

You can grant create to your user name.

For more details: Hive Authorization

Thanks, SSP

Upvotes: 3
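
An added example, not part of the question or the answer: a Python check over a hive-site.xml fragment for the two client-side authorization properties discussed in this thread, so that a change to hive.security.authorization.enabled or a missing owner grant shows up when the file is reviewed. The XML samples are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

AUTHZ = "hive.security.authorization.enabled"
OWNER = "hive.security.authorization.createtable.owner.grants"

def prop(name, value):
    """Build one Hadoop-style <property> element (helper for the samples)."""
    return f"<property><name>{name}</name><value>{value}</value></property>"

# Constructed samples: the question's two client-side settings as posted,
# and the same fragment with authorization switched off.
AS_POSTED = f"<configuration>{prop(AUTHZ, 'true')}{prop(OWNER, 'ALL')}</configuration>"
AUTHZ_OFF = f"<configuration>{prop(AUTHZ, 'FALSE')}{prop(OWNER, 'ALL')}</configuration>"

def load_props(xml_text):
    """Return [(name, value), ...] in file order, whitespace trimmed."""
    pairs = []
    for p in ET.fromstring(xml_text).iter("property"):
        name = (p.findtext("name") or "").strip()
        if name:
            pairs.append((name, (p.findtext("value") or "").strip()))
    return pairs

def audit(xml_text):
    """Return [(property, finding), ...]; an empty list means nothing to flag."""
    pairs = load_props(xml_text)
    props = dict(pairs)  # for repeated names the dict keeps the last value
    findings = []
    # A property defined twice makes the effective value easy to misread.
    for name, count in Counter(k for k, _ in pairs).items():
        if count > 1:
            findings.append((name, f"defined {count} times"))
    # Hive's default for this switch is false, so a missing entry counts as off.
    if props.get(AUTHZ, "false").lower() != "true":
        findings.append((AUTHZ, "off: privilege checks are not enforced"))
    elif not props.get(OWNER):
        findings.append((OWNER, "empty: table owners get no automatic privileges"))
    return findings

if __name__ == "__main__":
    for label, xml_text in (("as posted", AS_POSTED), ("authorization off", AUTHZ_OFF)):
        print(label, audit(xml_text))
```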
