Created 06-02-2017 03:19 AM
I am new to cloudera,
Can any one sugggest me the way how can i create users in hive or hadoop and assign some sort of permissios.
Like have 2 users
First user have all access like create, select, Update etc..
Second user can have select permissions only.
Thanks in advaance..
Created 06-02-2017 09:37 AM
Hive has SQL based authorization that can provide issue grants to each user or group for those privileges. I haven't messed with the native Hive SQL authorizaiton (Cloudera doesn't recommend it as they developed Sentry). I have worked with Apache Sentry though. It provides the same and has some quirks (can't use Add jar command, etc.). Apache Sentry requires Kerberos to be integrated for Hadoop and Hive. I don't know if the native Hive SQL authorization does too but if it doesn't it is pointless without Kerberos as it is quite easy to spoof another user.
So in effect...
1. Integrate Kerberos for the cluster
2. Implement Authorization for the cluster (I recommend doing HDFS ACLs as well; look into HDFS synchronization for Hive SQL auth and Sentry).
3. Integrate LDAP at the OS for user and group management (otherwise you will be managing it manually and locally as Hadoop will still use the shell based group mapping.
Alternatively (although I have not done this to date)...
1. Integrate LDAP authentication for just Hive
2. Set up Hive SQL authorization
Created 05-28-2019 06:09 AM
Hi experts,
I want to create read only user in hive .
can you please provide the steps for SQL Based Hive Authorization for the same.
Thanks
Created 05-28-2019 07:40 AM
I assume you want to make want to have column-level authorization with the SELECT privilege
if so you need an AD account .
then create role and then grant role to group .
then finally perform the below step
GRANT SELECT <column name> ON TABLE <table name> TO ROLE <role name>;
Please go through this link and let me know if you need any more information
Created on 06-02-2017 06:23 PM - edited 06-02-2017 06:24 PM
Cloudera does not support Apache Ranger or Hive's native authorization frameworks for configuring access control in Hive. Use Cloudera-supported Apache Sentry instead.
https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_hive_security.html#topic_9
Native Hive authorization .
Below are the settings needed in hive / hs2 in configuration .
hive
hive.users.in.admin.role Hiveserver2 hive.security.authorization.manager hive.security.authorization.enabled hive.security.authenticator.manager Create roles for select only . assign the user to roles . just like we do in any normal database .