3. Required Privileges for Hive Operations

Privileges apply to tables and views, but not databases. The following privileges may be granted and revoked:

Y = required privilege
Y + G = required privilege and the ability to grant the privilege to other users

The following privileges are required for the specified Hive operations:

Y = required privilege
Y + G = required privilege and the ability to grant the privilege to other users

Hive Operation	SELECT	INSERT	DELETE	Update	Ownership	Admin	URI privilege (POSIX + ownership)
GRANT						Y
REVOKE						Y
SHOW GRANT						Y
SHOW ROLE GRANT						Y
CREATE ROLE						Y
SET ROLE						Y
DROP ROLE						Y
CREATE TABLE					Y (of database)
DROP TABLE					Y
DESCRIBE TABLE	Y
SHOW PARTITIONS	Y
ALTER TABLE LOCATION					Y		Y (for new location)
ALTER PARTITION LOCATION					Y		Y (for new partition location
ALTER TABLE ADD PARTITION		Y					Y (for partition location)
ALTER TABLE DROP PARTITION			Y
all other ALTER TABLE commands					Y
TRUNCATE TABLE					Y
CREATE VIEW	Y + G
ALTER VIEW PROPERTIES					Y
ALTER VIEW RENAME					Y
DROP VIEW PROPERTIES					Y
DROP VIEW					Y
ANALYZE TABLE	Y	Y
SHOW COLUMNS	Y
SHOW TABLE STATUS	Y
SHOW TABLE PROPERTIES	Y
CREATE TABLE AS SELECT	Y (of input)				Y	Y (of database)
UPDATE TABLE	Y
CREATE INDEX						Y (of table)
DROP INDEX						Y
ALTER INDEX REBUILD						Y
ALTER INDEX PROPERTIES						Y
QUERY (INSERT, SELECT queries)	Y (input)	Y (output)	Y (output)
LOAD		Y (output)	Y (output)				Y (input location)
SHOW CREATE TABLE	Y + G
CREATE FUNCTION						Y
DROP FUNCTION						Y
CREATE MACRO						Y
DROP MACRO						Y
MSCK (metastore check)						Y
ALTER DATABASE						Y
CREATE DATABASE							Y (for custom location)
EXPLAIN	Y
DROP DATABASE				Y