Community Articles

Find and share helpful community-sourced technical articles.
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Labels (1)
avatar
Rising Star

PROBLEM

Users able to drop table on hive though they are not the table owners. Need to enable metastore server security to start using the storage based auth.

SOLUTION

To enable metastore security we need to enable the following parameter

  • hive.metastore.pre.event.listeners [This turns on metastore-side security.]
    • Set to org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener
  • hive.security.metastore.authorization.manager [This tells Hive which metastore-side authorization provider to use. The default setting uses DefaultHiveMetastoreAuthorizationProvider, which implements the standard Hive grant/revoke model. To use an HDFS permission-based model (recommended) to do your authorization, use StorageBasedAuthorizationProvider as instructed above]
    • Set to org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider
  • hive.security.metastore.authenticator.manager
    • Set to org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator
  • hive.security.metastore.authorization.auth.reads
    • When this is set to true, Hive metastore authorization also checks for read access. It is set to true by default. Read authorization checks were introduced in Hive 0.14.0
2,585 Views
Version history
Last update:
‎05-25-2018 06:12 PM
Updated by:
Contributors