Securing Apache Hive
Also available as:
PDF

Transactional table access

As administrator, you must set file system permissions or enable the Apache Ranger service for authorization of users who want to work with transactional tables, which are the default and ACID-compliant tables in Hive 3 and later.

ACID tables reside by default in /warehouse/tablespace/managed/hive. Only the Hive service can own and interact with files in this directory. Storage-based authorization (SBA) does not work to give users access ACID tables for the following reasons:

  • Limiting users to Hive prevents dirty reads, inconsistencies, and other problems.
  • The low-latency analytical processing (LLAP) cache separates data from the storage location, which is incompatible with SBA.

Ranger is the only available authorization mechanism for ACID tables.