Support Questions

Find answers, ask questions, and share your expertise

Hive metastore authorization

avatar
Expert Contributor

This is NOT about HiveServer2, but only on Hive metastore. Do we have only two choices on Hive metastore property hive.security.metastore.authorization.manager?

  1. StorageBasedAuthorizationProvider
  2. DefaultHiveMetastoreAuthorizationProvider
1 ACCEPTED SOLUTION

avatar
Super Guru

@ScipioTheYounger I would say only one type of authorization is available for metastore and it is the Storage based. The second one is pretty useless. It's the legacy one and it allows users to grant themselves whatever permissions they want.

View solution in original post

2 REPLIES 2

avatar
Super Guru

@ScipioTheYounger I would say only one type of authorization is available for metastore and it is the Storage based. The second one is pretty useless. It's the legacy one and it allows users to grant themselves whatever permissions they want.

avatar

Hi @ScipioTheYounger

Yes - you are correct (StorageBasedAuthorizationProvider and DefaultHiveMetastoreAuthorizationProvider) are the two provided https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server

DefaultHiveMetastoreAuthorizationProvider = Hive's grant/revoke model

StorageBasedAuthorizationProvider = HDFS permission based model (which is recommended on the apache website)

More info here on configuring for the storage-based model https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Sys_Admin_Guides/content/ref-5422cb60-d1...