Configuring authorization to tables

Although the upgrade process makes no change to the location of external tables, you need to set up access to external tables in HDFS. If you choose the recommended Ranger security model for authorization, you need to set up policies and configure Hive metastore (HMS).

Set up access to external tables in HDFS using one of the following methods.

  • Set up a Hive HDFS policy in Ranger (recommended) to include the paths to external table data.

    For more information, see Authorizing Apache Hive Access (link below).

  • Put an HDFS ACL in place. Store the external text file, for example a comma-separated values (CSV) file, in HDFS that will serve as the data source for the external table.
If you want to use Ranger to authorize access to your tables, you must configure a few HMS properties for authorization (link below) in addition to setting up Ranger policies. If you have not configured HMS, attempting to create a table using Spark SQL, Beeline, or Hue results in the following error:
org.apache.hadoop.hive.ql.ddl.DDLTask. MetaException(message:No privilege 'Create' found for outputs { database:DATABASE_NAME, table:TABLE_NAME})