Community Articles
Find and share helpful community-sourced technical articles
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)
Cloudera Employee


Users able to drop table on hive though they are not the table owners. Need to enable metastore server security to start using the storage based auth.


To enable metastore security we need to enable the following parameter

  • hive.metastore.pre.event.listeners [This turns on metastore-side security.]
    • Set to
  • [This tells Hive which metastore-side authorization provider to use. The default setting uses DefaultHiveMetastoreAuthorizationProvider, which implements the standard Hive grant/revoke model. To use an HDFS permission-based model (recommended) to do your authorization, use StorageBasedAuthorizationProvider as instructed above]
    • Set to
    • Set to
    • When this is set to true, Hive metastore authorization also checks for read access. It is set to true by default. Read authorization checks were introduced in Hive 0.14.0
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎05-25-2018 06:12 PM
Updated by:
Top Kudoed Authors