Required Privileges for Hive Operations
Privileges apply to tables and views, but not databases. The following privileges may be granted and revoked:
Y = required privilege
Y + G = required privilege and the ability to grant the privilege to other users
The privileges are required for some Hive operations, as specified in the following table.
Hive Operation | SELECT | INSERT | DELETE | Update | Ownership | Admin | URI privilege (POSIX + ownership) |
GRANT | Y | ||||||
REVOKE | Y | ||||||
SHOW GRANT | Y | ||||||
SHOW ROLE GRANT | Y | ||||||
CREATE ROLE | Y | ||||||
SET ROLE | Y | ||||||
DROP ROLE | Y | ||||||
CREATE TABLE | Y (of database) | ||||||
DROP TABLE | Y | ||||||
DESCRIBE TABLE | Y | ||||||
SHOW PARTITIONS | Y | ||||||
ALTER TABLE LOCATION | Y | Y (for new location) | |||||
ALTER PARTITION LOCATION | Y | Y (for new partition location | |||||
ALTER TABLE ADD PARTITION | Y | Y (for partition location) | |||||
ALTER TABLE DROP PARTITION | Y | ||||||
all other ALTER TABLE commands | Y | ||||||
TRUNCATE TABLE | Y | ||||||
CREATE VIEW | Y + G | ||||||
ALTER VIEW PROPERTIES | Y | ||||||
ALTER VIEW RENAME | Y | ||||||
DROP VIEW PROPERTIES | Y | ||||||
DROP VIEW | Y | ||||||
ANALYZE TABLE | Y | Y | |||||
SHOW COLUMNS | Y | ||||||
SHOW TABLE STATUS | Y | ||||||
SHOW TABLE PROPERTIES | Y | ||||||
CREATE TABLE AS SELECT | Y (of input) | Y | Y (of database) | ||||
UPDATE TABLE | Y | ||||||
CREATE INDEX | Y (of table) | ||||||
DROP INDEX | Y | ||||||
ALTER INDEX REBUILD | Y | ||||||
ALTER INDEX PROPERTIES | Y | ||||||
QUERY (INSERT, SELECT queries) | Y (input) | Y (output) | Y (output) | ||||
LOAD | Y (output) | Y (output) | Y (input location) | ||||
SHOW CREATE TABLE | Y + G | ||||||
CREATE FUNCTION | Y | ||||||
DROP FUNCTION | Y | ||||||
CREATE MACRO | Y | ||||||
DROP MACRO | Y | ||||||
MSCK (metastore check) | Y | ||||||
ALTER DATABASE | Y | ||||||
CREATE DATABASE | Y (for custom location) | ||||||
EXPLAIN | Y | ||||||
DROP DATABASE | Y |