
PROBLEM

Users are able to drop tables in Hive even though they are not the table owners. Metastore server security needs to be enabled to start using storage-based authorization.

SOLUTION

To enable metastore security, set the following parameters:

  • hive.metastore.pre.event.listeners [This turns on metastore-side security.]
    • Set to org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener
  • hive.security.metastore.authorization.manager [This tells Hive which metastore-side authorization provider to use. The default setting uses DefaultHiveMetastoreAuthorizationProvider, which implements the standard Hive grant/revoke model. To use an HDFS permission-based model (recommended) for authorization, use StorageBasedAuthorizationProvider, as set below.]
    • Set to org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider
  • hive.security.metastore.authenticator.manager
    • Set to org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator
  • hive.security.metastore.authorization.auth.reads
    • When this is set to true, Hive metastore authorization also checks for read access. It is set to true by default. Read authorization checks were introduced in Hive 0.14.0.
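
The following audit script is an added example, not part of the original article or of Hive itself: it reads a hive-site.xml and reports which of the four settings above are missing or wrong. It assumes the usual `<configuration><property><name>/<value>` layout and accepts the expected class anywhere in a comma-separated value; the function names and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PKG = "org.apache.hadoop.hive.ql.security."
AUTH_READS = "hive.security.metastore.authorization.auth.reads"
AUTHZ_MANAGER = "hive.security.metastore.authorization.manager"
# Property -> class (or value) the article says it must carry.
REQUIRED = {
    "hive.metastore.pre.event.listeners": PKG + "authorization.AuthorizationPreEventListener",
    AUTHZ_MANAGER: PKG + "authorization.StorageBasedAuthorizationProvider",
    "hive.security.metastore.authenticator.manager": PKG + "HadoopDefaultMetastoreAuthenticator",
    AUTH_READS: "true",
}
# Only the defaults the article states; any other absent property is reported as "not set".
DEFAULTS = {
    AUTHZ_MANAGER: PKG + "authorization.DefaultHiveMetastoreAuthorizationProvider",
    AUTH_READS: "true",
}

def load_properties(xml_text):
    """Parse hive-site.xml text into {name: value}; the last duplicate wins in this sketch."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(xml_text):
    """Return [(property, problem)] for every setting that leaves metastore security off."""
    props, findings = load_properties(xml_text), []
    for name, wanted in REQUIRED.items():
        value = props.get(name, DEFAULTS.get(name))
        if value is None:
            findings.append((name, "not set"))
        elif name == AUTH_READS:
            if value.lower() != "true":
                findings.append((name, f"is {value!r}, read checks are off"))
        elif wanted not in [v.strip() for v in value.split(",")]:
            findings.append((name, f"is {value!r}, expected {wanted}"))
    return findings

# Constructed sample: listener enabled, but the authorization manager is still the default.
SAMPLE = f"""<configuration>
  <property><name>hive.metastore.pre.event.listeners</name>
    <value>{PKG}authorization.AuthorizationPreEventListener</value></property>
  <property><name>{AUTHZ_MANAGER}</name>
    <value>{PKG}authorization.DefaultHiveMetastoreAuthorizationProvider</value></property>
</configuration>"""

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

An empty result means all four settings match the values listed above; the constructed sample is flagged for the authorization manager and the missing authenticator.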
Version history: revision 1 of 1, last update 05-25-2018 06:12 PM