Create a default directory for managed tables
You can specify a top level directory for managed tables when creating a Hive database.
Create a default directory for managed tables only after limiting CREATE
DATABASE and ALTER DATABASE statements to users having the Admin role, which has
hive
service user permissions. Permissions to the managed
directory must be limited to the hive
service user. In addition to
restricting permissions to the hive
user, you can further secure
managed tables using Ranger fine-grained permissions, such as row-level filtering
and column masking.
hive.metastore.warehouse.dir
configuration
property to give managed tables a common location for governance policies. The managed
location designates a single root directory for all tenant tables, managed and external.
Setting the metastore.warehouse.tenant.colocation
property
to true
allows a common location for managed tables outside the
warehouse root directory, providing a tenant-based common root for setting quotas
and other policies. To set this property, in Cloudera Manager use the Hive on Tez
safety valve for hive-site.xml as shown below.
CREATE (DATABASE|SCHEMA) [IF NOT EXISTS] database_name
[COMMENT database_comment]
[LOCATION external_table_path]
[MANAGEDLOCATION managed_table_directory_path]
[WITH DBPROPERTIES (property_name=property_value, ...)];
Do not set LOCATION and MANAGEDLOCATION to the same HDFS path.ALTER (DATABASE|SCHEMA) database_name SET MANAGEDLOCATION [managed_table_directory_path];