Hadoop Security Guide
Also available as:
PDF
loading table of contents...

Create a Hive Policy

To add a new policy to an existing Hive service:

  1. On the Service Manager page, select an existing service under Hive.

    service_name

    The List of Policies page appears.

    List of Policies page
  2. Click Add New Policy.

    Add New Policy button

    The Create Policy console appears.

    Hive Policy Creation Console
  3. Complete the Create Policy page as follows:

    Table 3.41. Policy Details

    FieldDescription
    Policy NameEnter an appropriate policy name. This name cannot be duplicated across the system. This field is mandatory.
    Hive DatabaseSelect the appropriate database. Multiple databases can be selected for a particular policy. This field is mandatory.
    Table/UDF Drop-downTo continue adding a table-based policy, keep Table selected. To add a User Defined Function (UDF), select UDF.
    Hive ColumnFor the selected database, select table(s) for which the policy will be applicable.
    Description(Optional) Describe the purpose of the policy.
    Audit LoggingSpecify whether this policy is audited. (De-select to disable auditing).


    Table 3.42. User and Group Permissions

    Label

    Description

    Select Group Specify the group to which this policy applies. To designate the group as an Administrator for the chosen resource, specify Admin permissions. (Administrators can create child policies based on existing policies).
    Select UserSpecify a particular user to which this policy applies (outside of an already-specified group) OR designate a particular user as Admin for this policy. (Administrators can create child policies based on existing policies).
    PermissionsAdd or edit permissions: Read, Write, Create, Admin, Select/Deselect All.
    Delegate AdminWhen a policy is assigned to a user or a group of users those users become the delegated admin. The delegated admin can update, delete the policies. It can also create child policies based on the original policy (base policy).


    Wild cards can be included in the resource path, in the database name, the table name, or column name:

    • * indicates zero or more occurrences of characters

    • ? indicates a single character

  4. Click Add.

    the green Add button