Configuring SQL Standard-Based Authorization

Prerequisite

You must have permission to run Hive commands as admin.

Steps

Use the following procedure to configure SQL standard-based authorization for Hive:

Set the following configuration properties in the hive-site.xml file to enable SQL standard-based authorization.
- hive.server2.enable.doAs
  Allows Hive queries to be run by the user who submits the query, rather than by the hive user. Must be set to false for SQL standard-based authorization.
- hive.users.in.admin.role
  Comma-separated list of users assigned to the admin role.
Grant the ADMIN privilege to the admin role:
GRANT admin TO USER hiveadmin;

Start HiveServer2 with the following command-line option settings:

Command line option	Required value
`hive.security.authorization.manager`	org.apache.hadoop.hive.ql.security.authorization.plugin.sql
`hive.security.authorization.enabled`	true
`hive.security.authenticator.manager`	org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
`hive.metastore.uris`	"" (Quotation marks surrounding a single empty space)

These properties appear in the following snippet of the hive-site.xml file:

<property>
 <name>hive.security.authorization.manager</name>
 <value>org.apache.hadoop.hive.ql.security.authorization.plugin.sql</ value>
</property>

<property>
 <name>hive.security.authorization.enabled</name>
 <value>true</value>
</property>

<property>
 <name>hive.security.authenticator.manager</name>
 <value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
</property>

<property>
 <name>hive.metastore.uris</name>
 <value>""</value>
</property>

​Configuring SQL Standard-Based Authorization

Configuring SQL Standard-Based Authorization