Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here. Want to know more about what has changed? Check out the Community News blog.

Create user in hive or hadoop

Create user in hive or hadoop

New Contributor

I am new to cloudera,

 

Can any one sugggest me the way how can i create users in hive or hadoop and assign some sort of permissios.

 

Like have 2 users

 

First user have all access like create, select, Update etc..

 

Second user can have select permissions only.

 

 

Thanks in advaance..

4 REPLIES 4

Re: Create user in hive or hadoop

Champion

Hive has SQL based authorization that can provide issue grants to each user or group for those privileges.  I  haven't messed with the native Hive SQL authorizaiton (Cloudera doesn't recommend it as they developed Sentry).  I have worked with Apache Sentry though.  It provides the same and has some quirks (can't use Add jar command, etc.).  Apache Sentry requires Kerberos to be integrated for Hadoop and Hive.  I don't know if the native Hive SQL authorization does too but if it doesn't it is pointless without Kerberos as it is quite easy to spoof another user.

 

So in effect...

 

1. Integrate Kerberos for the cluster

2. Implement Authorization for the cluster (I recommend doing HDFS ACLs as well; look into HDFS synchronization for Hive SQL auth and Sentry).

3. Integrate LDAP at the OS for user and group management (otherwise you will be managing it manually and locally as Hadoop will still use the shell based group mapping.

 

Alternatively (although I have not done this to date)...

1. Integrate LDAP authentication for just Hive

2. Set up Hive SQL authorization

Re: Create user in hive or hadoop

New Contributor

Hi experts,

 

I want to create read only user in hive .

can you please provide the steps for SQL Based Hive Authorization for the same.

 

Thanks

 

 

Highlighted

Re: Create user in hive or hadoop

Champion

I assume you want to make want to have  column-level authorization with the SELECT privilege

if so you need an AD account .

then create role and then grant role to group .

then finally perform the below step

GRANT SELECT <column name> ON TABLE <table name> TO ROLE <role name>;

Please go through this link and let me know if you need any more information 

https://www.cloudera.com/documentation/enterprise/5-5-x/topics/sg_hive_sql.html#create_role_statemen...

Re: Create user in hive or hadoop

Champion

 

Cloudera does not support Apache Ranger or Hive's native authorization frameworks for configuring access control in Hive. Use Cloudera-supported Apache Sentry instead. 

 

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_hive_security.html#topic_9

 

Native Hive authorization .

Below are the settings needed in hive / hs2 in configuration  . 

hive 

hive.users.in.admin.role Hiveserver2 hive.security.authorization.manager hive.security.authorization.enabled hive.security.authenticator.manager Create roles for select only . assign the user to roles . just like we do in any normal database .

 https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-Hi...