2. Hive 0.13 Feature: SQL Standard-based Authorization with GRANT And REVOKE SQL Statements

Hive 0.13 provides secure SQL standard-based authorization using the GRANT and REVOKE SQL statements. Hive provides three authorization models: SQL standard-based authorization, storage-based authorization, and default Hive authorization. In addition, Ranger provides centralized management of authorization for all HDP components. Use the following procedure to manually enable standard SQL authorization:


This procedure is unnecessary if your Hive administrator installed Hive using Ambari.

  1. Set the following configuration parameters in hive-site.xml:


    Table 2.1. Configuration Parameters for Standard SQL Authorization

    Configuration Parameter | Required Value




    Comma-separated list of users granted the administrator role.

  2. Start HiveServer2 with the following command-line options:


    Table 2.2. HiveServer2 Command-Line Options

    Command-Line Option | Required Value

    -hiveconf hive.security.authorization.manager | org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly

    -hiveconf hive.security.authorization.enabled |

    -hiveconf hive.security.authenticator.manager | org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator

    -hiveconf hive.metastore.uris | ' ' (a space inside single quotation marks)
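
An added example (not from the original documentation): a Python check that parses a HiveServer2 start command and compares its -hiveconf options with Table 2.2, treating hive.security.authorization.manager as a comma-delimited list. The sample command lines are constructed. The Required Value cell for hive.security.authorization.enabled is empty on this page, so the check assumes `true`; accepting `--hiveconf` alongside `-hiveconf` is also an assumption.

```python
import shlex

# Required values from Table 2.2 on this page. The table cell for
# hive.security.authorization.enabled is empty there; "true" is an assumption.
SQL_STD_MANAGER = ("org.apache.hadoop.hive.ql.security.authorization."
                   "MetaStoreAuthzAPIAuthorizerEmbedOnly")
AUTHENTICATOR = "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator"

def parse_hiveconf(cmdline):
    """Return {property: value} for every -hiveconf key=value pair in a command line."""
    tokens = shlex.split(cmdline)  # shell-style quoting, so ' ' survives as one space
    conf = {}
    for flag, pair in zip(tokens, tokens[1:]):
        if flag in ("-hiveconf", "--hiveconf") and "=" in pair:
            key, value = pair.split("=", 1)
            conf[key] = value  # the last occurrence wins
    return conf

def audit(cmdline):
    """Return a list of findings; an empty list means the options match Table 2.2."""
    conf = parse_hiveconf(cmdline)
    findings = []
    # The property takes a comma-delimited list of authorization managers.
    managers = [m.strip() for m in
                conf.get("hive.security.authorization.manager", "").split(",")]
    if SQL_STD_MANAGER not in managers:
        findings.append("authorization.manager lacks MetaStoreAuthzAPIAuthorizerEmbedOnly")
    if conf.get("hive.security.authorization.enabled", "").lower() != "true":
        findings.append("authorization.enabled is not true (assumed required value)")
    if conf.get("hive.security.authenticator.manager") != AUTHENTICATOR:
        findings.append("authenticator.manager is not SessionStateUserAuthenticator")
    if conf.get("hive.metastore.uris") != " ":
        findings.append("hive.metastore.uris is not a single space")
    return findings

# Constructed sample command lines (not taken from a real host).
GOOD = ("hiveserver2"
        " -hiveconf hive.security.authorization.manager=" + SQL_STD_MANAGER +
        " -hiveconf hive.security.authorization.enabled=true"
        " -hiveconf hive.security.authenticator.manager=" + AUTHENTICATOR +
        " -hiveconf hive.metastore.uris=' '")
# An unquoted empty metastore URI and no authorization options at all.
BAD = "hiveserver2 -hiveconf hive.metastore.uris= -hiveconf hive.server2.thrift.port=10000"

if __name__ == "__main__":
    for name, cmd in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(cmd) or "OK")
```
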


Administrators must also specify a storage-based authorization manager for Hadoop clusters that also use storage-based authorization. The hive.security.authorization.manager configuration property allows multiple authorization managers in comma-delimited format, so the correct value in this case is: