Securing Apache Hive
Also available as:
PDF

Authorization configuration parameters

Understanding key authorization parameter descriptions help you configure storage-based authorization correctly.

Table 1. Authorization Parameters in hive-site.xml

Configuration Property

Description

hive.security.authorization.enabled

Enables or disables Hive client authorization done as part of query compilation. This property must be set to false in the hive-site.xml file for storage-based authorization, as it is already enabled via checks on metastore API calls.

hive.server2.enable.doAs

Allows Hive queries to be run by the user who submits the query rather than the Hive user. Must be set to true for storage-based access.

hive.metastore.pre.event.listeners

Enables Metastore security. Specify the following value:

org.apache.hadoop.hive.ql.security.authorization.

AuthorizationPreEventListener.

hive.security.metastore.authorization.manager

The class name of the Hive Metastore authorization manager. Specify the following value for storage-based authorization:

org.apache.hadoop.hive.ql.security.authorization.

StorageBasedAuthorizationProvider.