question Re: Hive metastore authorization in Archives of Support Questions (Read Only) https://community.cloudera.com/t5/Archives-of-Support-Questions/Hive-metastore-authorization/m-p/124373#M39081 <P>Hi <A rel="user" href="https://community.cloudera.com/users/3209/zhuwchicago.html" nodeid="3209">@ScipioTheYounger</A></P><P>Yes - you are correct (StorageBasedAuthorizationProvider and DefaultHiveMetastoreAuthorizationProvider) are the two provided <A href="https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server" target="_blank">https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server</A> </P><P>DefaultHiveMetastoreAuthorizationProvider = Hive's grant/revoke model</P><P>StorageBasedAuthorizationProvider = HDFS permission based model (which is recommended on the apache website)</P><P>More info here on configuring for the storage-based model <A href="https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Sys_Admin_Guides/content/ref-5422cb60-d1d5-425a-b719-ec7bd03ee5d3.1.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Sys_Admin_Guides/content/ref-5422cb60-d1d5-425a-b719-ec7bd03ee5d3.1.html</A></P> Mon, 29 Aug 2016 21:58:38 GMT RyanCicak 2016-08-29T21:58:38Z Hive metastore authorization https://community.cloudera.com/t5/Archives-of-Support-Questions/Hive-metastore-authorization/m-p/124371#M39079 <P>This is NOT about HiveServer2, but only on Hive metastore. Do we have only two choices on Hive metastore property hive.security.metastore.authorization.manager?</P><OL><LI>StorageBasedAuthorizationProvider</LI><LI>DefaultHiveMetastoreAuthorizationProvider</LI></OL> Mon, 29 Aug 2016 21:49:17 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Hive-metastore-authorization/m-p/124371#M39079 ScipioTheElder 2016-08-29T21:49:17Z Re: Hive metastore authorization https://community.cloudera.com/t5/Archives-of-Support-Questions/Hive-metastore-authorization/m-p/124372#M39080 <P><A rel="user" href="https://community.cloudera.com/users/3209/zhuwchicago.html" nodeid="3209">@ScipioTheYounger</A> I would say only one type of authorization is available for metastore and it is the Storage based. The second one is pretty useless. It's the legacy one and it allows users to grant themselves whatever permissions they want. </P> Mon, 29 Aug 2016 21:58:24 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Hive-metastore-authorization/m-p/124372#M39080 mqureshi 2016-08-29T21:58:24Z Re: Hive metastore authorization https://community.cloudera.com/t5/Archives-of-Support-Questions/Hive-metastore-authorization/m-p/124373#M39081 <P>Hi <A rel="user" href="https://community.cloudera.com/users/3209/zhuwchicago.html" nodeid="3209">@ScipioTheYounger</A></P><P>Yes - you are correct (StorageBasedAuthorizationProvider and DefaultHiveMetastoreAuthorizationProvider) are the two provided <A href="https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server" target="_blank">https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server</A> </P><P>DefaultHiveMetastoreAuthorizationProvider = Hive's grant/revoke model</P><P>StorageBasedAuthorizationProvider = HDFS permission based model (which is recommended on the apache website)</P><P>More info here on configuring for the storage-based model <A href="https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Sys_Admin_Guides/content/ref-5422cb60-d1d5-425a-b719-ec7bd03ee5d3.1.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Sys_Admin_Guides/content/ref-5422cb60-d1d5-425a-b719-ec7bd03ee5d3.1.html</A></P> Mon, 29 Aug 2016 21:58:38 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Hive-metastore-authorization/m-p/124373#M39081 RyanCicak 2016-08-29T21:58:38Z