Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Create user in hive or hadoop

Create user in hive or hadoop

Labels:
Dipesh2
New Contributor

Created ‎06-02-2017 03:19 AM

I am new to cloudera,

 

Can any one sugggest me the way how can i create users in hive or hadoop and assign some sort of permissios.

 

Like have 2 users

 

First user have all access like create, select, Update etc..

 

Second user can have select permissions only.

 

 

Thanks in advaance..

Reply
5,547 Views
0 Kudos
4 REPLIES 4

Re: Create user in hive or hadoop

mbigelow
Champion

Created ‎06-02-2017 09:37 AM

Hive has SQL based authorization that can provide issue grants to each user or group for those privileges.  I  haven't messed with the native Hive SQL authorizaiton (Cloudera doesn't recommend it as they developed Sentry).  I have worked with Apache Sentry though.  It provides the same and has some quirks (can't use Add jar command, etc.).  Apache Sentry requires Kerberos to be integrated for Hadoop and Hive.  I don't know if the native Hive SQL authorization does too but if it doesn't it is pointless without Kerberos as it is quite easy to spoof another user.

 

So in effect...

 

1. Integrate Kerberos for the cluster

2. Implement Authorization for the cluster (I recommend doing HDFS ACLs as well; look into HDFS synchronization for Hive SQL auth and Sentry).

3. Integrate LDAP at the OS for user and group management (otherwise you will be managing it manually and locally as Hadoop will still use the shell based group mapping.

 

Alternatively (although I have not done this to date)...

1. Integrate LDAP authentication for just Hive

2. Set up Hive SQL authorization

Reply
5,535 Views
0 Kudos

Re: Create user in hive or hadoop

prithvirajshet
New Contributor

Created ‎05-28-2019 06:09 AM

Hi experts,

 

I want to create read only user in hive .

can you please provide the steps for SQL Based Hive Authorization for the same.

 

Thanks

 

 

Reply
671 Views
0 Kudos

Re: Create user in hive or hadoop

csguna
Champion

Created ‎05-28-2019 07:40 AM

I assume you want to make want to have  column-level authorization with the SELECT privilege

if so you need an AD account .

then create role and then grant role to group .

then finally perform the below step

GRANT SELECT <column name> ON TABLE <table name> TO ROLE <role name>;

Please go through this link and let me know if you need any more information 

https://www.cloudera.com/documentation/enterprise/5-5-x/topics/sg_hive_sql.html#create_role_statemen...

Reply
663 Views
0 Kudos

Re: Create user in hive or hadoop

csguna
Champion

Created on ‎06-02-2017 06:23 PM - edited ‎06-02-2017 06:24 PM

 

Cloudera does not support Apache Ranger or Hive's native authorization frameworks for configuring access control in Hive. Use Cloudera-supported Apache Sentry instead. 

 

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_hive_security.html#topic_9

 

Native Hive authorization .

Below are the settings needed in hive / hs2 in configuration  . 

hive 

hive.users.in.admin.role 


 Hiveserver2  
hive.security.authorization.manager 
hive.security.authorization.enabled 
 hive.security.authenticator.manager 
 
 
 Create roles for select only . 
 assign the user to roles . just like we do in any normal database  .

 https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-Hi...

Reply
5,519 Views
0 Kudos
Don't have an account?
Register
Coming from Hortonworks? Activate your account here