Hive access control
Last updated on November 20, 2024 am
🧙 Questions
Using Hive's permission management
☄️ Ideas
Enable access control
vim /opt/hive/conf/hive-site.xml
<!-- Disable Linux permission control (HiveServer2 does not impersonate the connecting user) -->
<property>
<name>hive.server2.enable.doAs</name>
<value>false</value>
</property>
<!-- Enable client-side authorization -->
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<!-- Select the SQL standard authorization manager -->
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory</value>
</property>
<property>
<name>hive.security.metastore.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly</value>
</property>
<property>
<name>hive.security.authenticator.manager</name>
<value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
</property>
<!-- Users that hold the admin role (here zhiqingyun); separate multiple users with commas -->
<property>
<name>hive.users.in.admin.role</name>
<value>zhiqingyun</value>
</property>
<!-- ispong :) beeline username -->
<property>
<name>hive.server2.thrift.client.user</name>
<value>zhiqingyun</value>
</property>
<!-- ispong :) beeline password -->
<property>
<name>hive.server2.thrift.client.password</name>
<value>zhiqingyun123</value>
</property>
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
<value>ALL</value>
</property>
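A quick check of a hive-site.xml against the settings above, as an added example that is not part of the original post. The function names and the embedded sample are constructed for illustration; the property names and values are the ones from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed hive-site.xml using this page's property names and values.
SAMPLE = """<configuration>
  <property><name>hive.server2.enable.doAs</name><value>false</value></property>
  <property><name>hive.security.authorization.enabled</name><value>true</value></property>
  <property><name>hive.users.in.admin.role</name><value>zhiqingyun</value></property>
  <property><name>hive.server2.thrift.client.password</name><value>zhiqingyun123</value></property>
  <property><name>hive.security.authorization.createtable.owner.grants</name><value>ALL</value></property>
</configuration>"""

def load_props(xml_text):
    """Return {name: value} for every <property> in a hive-site.xml document."""
    props = {}
    for p in ET.fromstring(xml_text).iter("property"):
        name = (p.findtext("name") or "").strip()
        if name:
            props[name] = (p.findtext("value") or "").strip()
    return props

def audit(props):
    """Return (property, finding) pairs for the settings this page configures."""
    findings = []
    # Hive's defaults are authorization.enabled=false and enable.doAs=true,
    # so a missing property is treated the same as the unsafe value.
    if props.get("hive.security.authorization.enabled", "false").lower() != "true":
        findings.append(("hive.security.authorization.enabled", "authorization is not enabled"))
    if props.get("hive.server2.enable.doAs", "true").lower() != "false":
        findings.append(("hive.server2.enable.doAs", "impersonation is on; this page sets it to false"))
    admins = [u.strip() for u in props.get("hive.users.in.admin.role", "").split(",") if u.strip()]
    if not admins:
        findings.append(("hive.users.in.admin.role", "no admin user listed"))
    # Any non-empty *.password property is a credential readable by anyone who can read the file.
    for key, value in props.items():
        if key.endswith(".password") and value:
            findings.append((key, "plaintext password stored in hive-site.xml"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(load_props(SAMPLE)):
        print(f"{key}: {finding}")
```

To run it against a real file, pass the contents of /opt/hive/conf/hive-site.xml to load_props instead of SAMPLE.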
Restart the Hive service
Enter the Hive terminal
Connect as the root user to test
beeline -n root -u jdbc:hive2://localhost:10000
Create a role
Hive cannot create users; users must be created in Linux.
beeline -n zhiqingyun -p zhiqingyun123 -u jdbc:hive2://localhost:10000
!connect jdbc:hive2://localhost:10000 zhiqingyun
# Set admin privileges in the terminal
set hive.users.in.admin.role;
set role admin;
# Show the current roles
SHOW CURRENT ROLES;
# View another user's grants
show grant user root;
# Create a role
CREATE ROLE demo_db_admin;
# List roles
SHOW ROLES;
SET ROLE ADMIN;
# Drop a role
DROP ROLE demo_db_admin;
# Grant privileges
grant select on database ispong_db to role demo_db_admin;
grant select on table users_textfile2 to role demo_db_admin;
grant role demo_db_admin to user zhiqingyun;
set role demo_db_admin;
SHOW ROLE GRANT USER zhiqingyun;
SHOW PRINCIPALS demo_db_admin;
● SELECT privilege – gives read access to an object.
● INSERT privilege – gives ability to add data to an object (table).
● UPDATE privilege – gives ability to run update queries on an object (table).
● DELETE privilege – gives ability to delete data in an object (table).
● ALL PRIVILEGES – gives all privileges (gets translated into all the above privileges).
🔗 Links
Hive access control
https://ispong.isxcode.com/hadoop/hive/hive 权限控制/