Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Create user in hive or hadoop

Labels:
Dipesh2
New Contributor

Created ‎06-02-2017 03:19 AM

I am new to cloudera,

 

Can any one sugggest me the way how can i create users in hive or hadoop and assign some sort of permissios.

 

Like have 2 users

 

First user have all access like create, select, Update etc..

 

Second user can have select permissions only.

 

 

Thanks in advaance..

8,634 Views
0 Kudos
4 REPLIES 4

mbigelow
Champion

Created ‎06-02-2017 09:37 AM

Hive has SQL based authorization that can provide issue grants to each user or group for those privileges.  I  haven't messed with the native Hive SQL authorizaiton (Cloudera doesn't recommend it as they developed Sentry).  I have worked with Apache Sentry though.  It provides the same and has some quirks (can't use Add jar command, etc.).  Apache Sentry requires Kerberos to be integrated for Hadoop and Hive.  I don't know if the native Hive SQL authorization does too but if it doesn't it is pointless without Kerberos as it is quite easy to spoof another user.

 

So in effect...

 

1. Integrate Kerberos for the cluster

2. Implement Authorization for the cluster (I recommend doing HDFS ACLs as well; look into HDFS synchronization for Hive SQL auth and Sentry).

3. Integrate LDAP at the OS for user and group management (otherwise you will be managing it manually and locally as Hadoop will still use the shell based group mapping.

 

Alternatively (although I have not done this to date)...

1. Integrate LDAP authentication for just Hive

2. Set up Hive SQL authorization

8,622 Views
0 Kudos

prithvirajshet
New Contributor

Created ‎05-28-2019 06:09 AM

Hi experts,

 

I want to create read only user in hive .

can you please provide the steps for SQL Based Hive Authorization for the same.

 

Thanks

 

 

3,758 Views
0 Kudos

csguna
Champion

Created ‎05-28-2019 07:40 AM

I assume you want to make want to have  column-level authorization with the SELECT privilege

if so you need an AD account .

then create role and then grant role to group .

then finally perform the below step

GRANT SELECT <column name> ON TABLE <table name> TO ROLE <role name>;

Please go through this link and let me know if you need any more information 

https://www.cloudera.com/documentation/enterprise/5-5-x/topics/sg_hive_sql.html#create_role_statemen...

3,750 Views
0 Kudos

csguna
Champion

Created on ‎06-02-2017 06:23 PM - edited ‎06-02-2017 06:24 PM

 

Cloudera does not support Apache Ranger or Hive's native authorization frameworks for configuring access control in Hive. Use Cloudera-supported Apache Sentry instead. 

 

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_hive_security.html#topic_9

 

Native Hive authorization .

Below are the settings needed in hive / hs2 in configuration  . 

hive 

hive.users.in.admin.role 


 Hiveserver2  
hive.security.authorization.manager 
hive.security.authorization.enabled 
 hive.security.authenticator.manager 
 
 
 Create roles for select only . 
 assign the user to roles . just like we do in any normal database  .

 https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-Hi...

8,606 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud Release Summary: June 2022
What's New @ Cloudera
Cloudera DataFlow for the Public Cloud 2.1 introduces in-place upgrades as a Technical Preview feature
What's New @ Cloudera
CDP Operational Database (COD) supports CDP Control Planes for multiple regions.
What's New @ Cloudera
CDP Operational Database (COD) supports Multiple Availability Zones (Multi-AZ) on AWS
What's New @ Cloudera
COD now supports the “Store File Tracking” (SFT) as a general availability feature.
View More Announcements
; ;