Data Access
Also available as:
PDF
loading table of contents...

Required Privileges for Hive Operations

Privileges apply to tables and views, but not databases. The following privileges may be granted and revoked:

  • Y = required privilege

  • Y + G = required privilege and the ability to grant the privilege to other users

The privileges are required for some Hive operations, as specified in the following table.

Hive Operation

SELECT

INSERT

DELETE

Update

Ownership

Admin

URI privilege (POSIX + ownership)

GRANT

Y

REVOKE

Y

SHOW GRANT

Y

SHOW ROLE GRANT

Y

CREATE ROLE

Y

SET ROLE

Y

DROP ROLE

Y

CREATE TABLE

Y (of database)

DROP TABLE

Y

DESCRIBE TABLE

Y

SHOW PARTITIONS

Y

ALTER TABLE LOCATION

Y

Y (for new location)

ALTER PARTITION LOCATION

Y

Y (for new partition location

ALTER TABLE ADD PARTITION

Y

Y (for partition location)

ALTER TABLE DROP PARTITION

Y

all other ALTER TABLE commands

Y

TRUNCATE TABLE

Y

CREATE VIEW

Y + G

ALTER VIEW PROPERTIES

Y

ALTER VIEW RENAME

Y

DROP VIEW PROPERTIES

Y

DROP VIEW

Y

ANALYZE TABLE

Y

Y

SHOW COLUMNS

Y

SHOW TABLE STATUS

Y

SHOW TABLE PROPERTIES

Y

CREATE TABLE AS SELECT

Y (of input)

Y

Y (of database)

UPDATE TABLE

Y

CREATE INDEX

Y (of table)

DROP INDEX

Y

ALTER INDEX REBUILD

Y

ALTER INDEX PROPERTIES

Y

QUERY (INSERT, SELECT queries)

Y (input)

Y (output)

Y (output)

LOAD

Y (output)

Y (output)

Y (input location)

SHOW CREATE TABLE

Y + G

CREATE FUNCTION

Y

DROP FUNCTION

Y

CREATE MACRO

Y

DROP MACRO

Y

MSCK (metastore check)

Y

ALTER DATABASE

Y

CREATE DATABASE

Y (for custom location)

EXPLAIN

Y

DROP DATABASE

Y