Hive 0.13 provides secure SQL standard-based authorization using the GRANT
and REVOKE
SQL statements. Hive provides three authorization models: SQL standard-based authorization, storage-based authorization, and default Hive authorization. In addition, Ranger provides centralized management of authorization for all HDP components. Use the following procedure to manually enable standard SQL authorization:
Note | |
---|---|
This procedure is unnecessary if your Hive administrator installed Hive using Ambari. |
Set the following configuration parameters in
hive-site.xml
:Table 2.1. Configuration Parameters for Standard SQL Authorization
Configuration Parameter
Required Value
hive.server2.enable.doAs
false
hive.users.in.admin.role
Comma-separated list of users granted the administrator role.
Start HiveServer2 with the following command-line options:
Table 2.2. HiveServer2 Command-Line Options
Command-Line Option Required Value -hiveconf hive.security.authorization.manager
org.apache.hadoop.hive.ql.security. authorization. MetaStoreAuthzAPIAuthorizerEmbedOnly
-hiveconf hive.security.authorization.enabled
true
-hiveconf hive.security.authenticator.manager
org.apache.hadoop.hive.ql.security. SessionStateUserAuthenticator
-hiveconf hive.metastore.uris
''
(a space inside single quotation marks)
Note | |
---|---|
Administrators must also specify a storage-based authorization manager for Hadoop clusters that also
use storage-based authorization. The hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider, org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly |