Data Services
Also available as:
loading table of contents...

SQL Standard-based Authorization with GRANT And REVOKE SQL Statements

Secure SQL standard-based authorization using the GRANT and REVOKE SQL statements is supported in Hive 0.13 and later. Hive provides three authorization models: SQL standard-based authorization, storage-based authorization, and default Hive authorization. In addition, Ranger provides centralized management of authorization for all HDP components. Use the following procedure to manually enable standard SQL authorization:


This procedure is unnecessary if your Hive administrator installed Hive using Ambari.

  1. Set the following configuration parameters in hive-site.xml :

    Table 2.1. Configuration Parameters for Standard SQL Authorization

    Configuration Parameter

    Required Value



    Comma-separated list of users granted the administrator role.

  2. Start HiveServer2 with the following command-line options:

    Table 2.2. HiveServer2 Command-Line Options

    Command-Line OptionRequired Value

    -hiveconf authorization. MetaStoreAuthzAPIAuthorizerEmbedOnly



    -hiveconf SessionStateUserAuthenticator

    -hiveconf hive.metastore.uris

    ''(a space inside single quotation marks)


Administrators must also specify a storage-based authorization manager for Hadoop clusters that also use storage-based authorization. The configuration property allows multiple authorization managers in comma-delimited format, so the correct value in this case is:,