Configuring SQL Standard-Based Authorization
Use the following procedure to configure SQL standard-based authorization for Hive:
Set the following configuration properties in hive-site.xml to enable SQL standard-based authorization.
hive.server2.enable.doAs
    Allows Hive queries to be run by the user who submits the query, rather than by the hive user. Must be set to FALSE for SQL standard-based authorization.
hive.users.in.admin.role
    Comma-separated list of users assigned to the ADMIN role.
The Hive administrator must grant herself the ADMIN privilege:
GRANT admin TO USER hiveadmin;
Administrators must start HiveServer2 with the following command-line options:
Command line option | Required value
hive.security.authorization.manager | org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
hive.security.authorization.enabled | true
hive.security.authenticator.manager | org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
hive.metastore.uris | "" (Quotation marks surrounding a single empty space)
These properties appear in the following snippet of hive-site.xml:
<property>
  <name>hive.security.authorization.manager</name>
  <value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory</value>
</property>
<property>
  <name>hive.security.authorization.enabled</name>
  <value>true</value>
</property>
<property>
  <name>hive.security.authenticator.manager</name>
  <value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
</property>
<property>
  <name>hive.metastore.uris</name>
  <value>""</value>
</property>
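A way to check a hive-site.xml against the settings listed above, as an added example that is not part of the original documentation. The function names, the sample dictionaries, and the reading of the hive.metastore.uris value as "empty once quotation marks and spaces are stripped" are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Required values as stated on this page.
EXACT = {
    "hive.security.authorization.manager":
        "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory",
    "hive.security.authenticator.manager":
        "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator",
}
BOOLS = {"hive.server2.enable.doAs": "false", "hive.security.authorization.enabled": "true"}

def audit_hive_site(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        props[name] = (prop.findtext("value") or "").strip()
    findings = []
    for key, want in EXACT.items():
        if props.get(key) != want:
            findings.append(f"{key}: expected {want}, found {props.get(key)!r}")
    for key, want in BOOLS.items():  # a missing key is reported as well
        if props.get(key, "").lower() != want:
            findings.append(f"{key}: expected {want}, found {props.get(key)!r}")
    # An empty list leaves no user assigned to the ADMIN role by this property.
    if not [u for u in props.get("hive.users.in.admin.role", "").split(",") if u.strip()]:
        findings.append("hive.users.in.admin.role: no users listed")
    # Assumption: the required value is read as empty after stripping quotes and spaces.
    uris = props.get("hive.metastore.uris")
    if uris is None or uris.strip('" ') != "":
        findings.append(f"hive.metastore.uris: expected empty value, found {uris!r}")
    return findings

def make_site(props):
    """Build hive-site.xml text from a dict (helper for the constructed samples)."""
    root = ET.Element("configuration")
    for name, value in props.items():
        prop = ET.SubElement(root, "property")
        ET.SubElement(prop, "name").text = name
        ET.SubElement(prop, "value").text = value
    return ET.tostring(root, encoding="unicode")

# Constructed samples, not taken from a real cluster.
GOOD = {**EXACT, **BOOLS, "hive.users.in.admin.role": "hiveadmin", "hive.metastore.uris": '""'}
BAD = {**GOOD, "hive.server2.enable.doAs": "true", "hive.users.in.admin.role": " "}

if __name__ == "__main__":
    for finding in audit_hive_site(make_site(BAD)):
        print(finding)
```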