Reply
New Contributor
Posts: 4
Registered: ‎10-16-2017

grant all on database doesn't give grant on underneath tabled

hive: SQLStdAuth : grant all on database doesn't give grant on underneath table

 

hive: SQLStdAuth : grant all on database doesn't give grant on underneath table

1. create database testdb as hive user

2. created table in employee under testdb

3. Created user a123test

4. grant ALL on database testdb to user a123test;

5. Login form beeline as user a123test

6. selct count(*) from employee

above gives me

HiveAccessControlException Permission denied: Principal [name=a123test, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=testdb.employee]] (state=42000,code=40000)

7. If i do

grant insert,update,delete,select on table testdb.employee to user a123test;

then user a123test can select from employee table

 

My question is if I grant ALL at database level, why i have to give tabe level grant?

 

Is there any way I can give database level select/insert/Update instead of defining grant at each table level for user/role?

 
Cloudera Employee
Posts: 211
Registered: ‎03-23-2015

Re: grant all on database doesn't give grant on underneath tabled

Are you using Sentry or Hive's built-in authorization model?

The error message does not look like sentry to me.
New Contributor
Posts: 4
Registered: ‎10-16-2017

Re: grant all on database doesn't give grant on underneath tabled

No its not related to sentry. This is when i am using stdsql authorization in hive configuration

Cloudera Employee
Posts: 211
Registered: ‎03-23-2015

Re: grant all on database doesn't give grant on underneath tabled

Hive's built-in authorization is not considered production ready and not supported by Cloudera. We could recommend to use Sentry instead:

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_sentry_service.html
Announcements