Support Questions

Find answers, ask questions, and share your expertise

Not able to enable authorization in hive.

avatar
New Contributor
I have running hive locally using this docker compose image. However when trying to acecss admin role by docker exec -it hiveserver2 beeline -u 'jdbc:hive2://hiveserver2:10000/' -n hive and doing  set role admin; I am getting this error ERROR : DDLTask failed, DDL Operation: class org.apache.hadoop.hive.ql.ddl.privilege.role.set.SetRoleOperation
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException: kaif doesn't belong to role admin


version: '3.9'
services:
postgres:
image: postgres
restart: unless-stopped
container_name: postgres
hostname: postgres
environment:
POSTGRES_DB: 'metastore_db'
POSTGRES_USER: 'hive'
POSTGRES_PASSWORD: 'password'
ports:
- '5432:5432'
volumes:
- hive-db:/var/lib/postgresql
networks:
- hive

metastore:
image: apache/hive:4.0.0
depends_on:
- postgres
restart: unless-stopped
container_name: metastore
hostname: metastore
environment:
DB_DRIVER: postgres
SERVICE_NAME: 'metastore'
SERVICE_OPTS: '-Xmx1G -Djavax.jdo.option.ConnectionDriverName=org.postgresql.Driver
-Djavax.jdo.option.ConnectionURL=jdbc:postgresql://postgres:5432/metastore_db
-Djavax.jdo.option.ConnectionUserName=hive
-Djavax.jdo.option.ConnectionPassword=password'
ports:
- '9083:9083'
volumes:
- warehouse:/opt/hive/data/warehouse
- type: bind
source: /Users/apple/postgresql-42.7.3.jar
target: /opt/hive/lib/postgres.jar
networks:
- hive

hiveserver2:
image: apache/hive:kaif
depends_on:
- metastore
restart: unless-stopped
container_name: hiveserver2
environment:
HIVE_SERVER2_THRIFT_PORT: 10000
SERVICE_OPTS: '-Dhive.metastore.uris=thrift://metastore:9083
-Dhive.users.in.admin.role=hive
-Dhive.security.metastore.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly
-Dhive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory
-Dhive.security.authorization.enabled=true'
IS_RESUME: 'true'
SERVICE_NAME: 'hiveserver2'
ports:
- '10000:10000'
- '10002:10002'
volumes:
- warehouse:/opt/hive/data/warehouse
networks:
- hive

volumes:
hive-db:
warehouse:

networks:
hive:
name: hive



3 REPLIES 3

avatar
Community Manager

@kaif Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our Hive experts @james_jones @Shmoo  who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.@


Regards,

Diana Torres,
Community Moderator


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:

avatar
Master Collaborator

@kaif This is non-Cloudera Hive you are testing. But let me share my two cents. 

You are using 'org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory' as the auth manager.

You may want to use the following auth provider that enables you to use GRANT/REVOKE statements.

hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory

...and use:

GRANT ROLE admin TO USER kaif;

SET ROLE admin;

avatar
Community Manager

@kaif Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.


Regards,

Diana Torres,
Community Moderator


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community: