3. Required Privileges for Hive Operations

Privileges apply to tables and views, but not databases. The following privileges may be granted and revoked:

  • Y = required privilege

  • Y + G = required privilege and the ability to grant the privilege to other users

The following privileges are required for the specified Hive operations:

  • Y = required privilege

  • Y + G = required privilege and the ability to grant the privilege to other users

Hive Operation

SELECT

INSERT

DELETE

Update

Ownership

Admin

URI privilege (POSIX + ownership)

GRANT

Y

REVOKE

Y

SHOW GRANT

Y

SHOW ROLE GRANT

Y

CREATE ROLE

Y

SET ROLE

Y

DROP ROLE

Y

CREATE TABLE

Y (of database)

DROP TABLE

Y

DESCRIBE TABLE

Y

SHOW PARTITIONS

Y

ALTER TABLE LOCATION

Y

Y (for new location)

ALTER PARTITION LOCATION

Y

Y (for new partition location

ALTER TABLE ADD PARTITION

Y

Y (for partition location)

ALTER TABLE DROP PARTITION

Y

all other ALTER TABLE commands

Y

TRUNCATE TABLE

Y

CREATE VIEW

Y + G

ALTER VIEW PROPERTIES

Y

ALTER VIEW RENAME

Y

DROP VIEW PROPERTIES

Y

DROP VIEW

Y

ANALYZE TABLE

Y

Y

SHOW COLUMNS

Y

SHOW TABLE STATUS

Y

SHOW TABLE PROPERTIES

Y

CREATE TABLE AS SELECT

Y (of input)

Y

Y (of database)

UPDATE TABLE

Y

CREATE INDEX

Y (of table)

DROP INDEX

Y

ALTER INDEX REBUILD

Y

ALTER INDEX PROPERTIES

Y

QUERY (INSERT, SELECT queries)

Y (input)

Y (output)

Y (output)

LOAD

Y (output)

Y (output)

Y (input location)

SHOW CREATE TABLE

Y + G

CREATE FUNCTION

Y

DROP FUNCTION

Y

CREATE MACRO

Y

DROP MACRO

Y

MSCK (metastore check)

Y

ALTER DATABASE

Y

CREATE DATABASE

Y (for custom location)

EXPLAIN

Y

DROP DATABASE

Y