Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Hive metastore authorization

Labels:
avatar
author-rank ScipioTheElder
Expert Contributor

Created ‎08-29-2016 02:49 PM

This is NOT about HiveServer2, but only on Hive metastore. Do we have only two choices on Hive metastore property hive.security.metastore.authorization.manager?

  1. StorageBasedAuthorizationProvider
  2. DefaultHiveMetastoreAuthorizationProvider
2,913 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank mqureshi
Super Guru

Created ‎08-29-2016 02:58 PM

@ScipioTheYounger I would say only one type of authorization is available for metastore and it is the Storage based. The second one is pretty useless. It's the legacy one and it allows users to grant themselves whatever permissions they want.

View solution in original post

2,233 Views
0 Kudos
2 REPLIES 2

avatar
author-rank mqureshi
Super Guru

Created ‎08-29-2016 02:58 PM

@ScipioTheYounger I would say only one type of authorization is available for metastore and it is the Storage based. The second one is pretty useless. It's the legacy one and it allows users to grant themselves whatever permissions they want.

2,234 Views
0 Kudos

avatar
author-rank RyanCicak author-rank
Guru

Created ‎08-29-2016 02:58 PM

Hi @ScipioTheYounger

Yes - you are correct (StorageBasedAuthorizationProvider and DefaultHiveMetastoreAuthorizationProvider) are the two provided https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server

DefaultHiveMetastoreAuthorizationProvider = Hive's grant/revoke model

StorageBasedAuthorizationProvider = HDFS permission based model (which is recommended on the apache website)

More info here on configuring for the storage-based model https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Sys_Admin_Guides/content/ref-5422cb60-d1...

2,233 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements