Support Questions

kaif · ‎06-24-2024

I have running hive locally using this docker compose image. However when trying to acecss admin role by docker exec -it hiveserver2 beeline -u 'jdbc:hive2://hiveserver2:10000/' -n hive and doing  set role admin; I am getting this error ERROR : DDLTask failed, DDL Operation: class org.apache.hadoop.hive.ql.ddl.privilege.role.set.SetRoleOperation
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException: kaif doesn't belong to role admin


version: '3.9'
services:
postgres:
image: postgres
restart: unless-stopped
container_name: postgres
hostname: postgres
environment:
POSTGRES_DB: 'metastore_db'
 POSTGRES_USER: 'hive'
 POSTGRES_PASSWORD: 'password'
 ports:
- '5432:5432'
 volumes:
- hive-db:/var/lib/postgresql
networks:
- hive

metastore:
image: apache/hive:4.0.0
depends_on:
- postgres
restart: unless-stopped
container_name: metastore
hostname: metastore
environment:
DB_DRIVER: postgres
SERVICE_NAME: 'metastore'
 SERVICE_OPTS: '-Xmx1G -Djavax.jdo.option.ConnectionDriverName=org.postgresql.Driver
 -Djavax.jdo.option.ConnectionURL=jdbc:postgresql://postgres:5432/metastore_db
 -Djavax.jdo.option.ConnectionUserName=hive
 -Djavax.jdo.option.ConnectionPassword=password'
 ports:
- '9083:9083'
 volumes:
- warehouse:/opt/hive/data/warehouse
- type: bind
source: /Users/apple/postgresql-42.7.3.jar
target: /opt/hive/lib/postgres.jar
networks:
- hive

hiveserver2:
image: apache/hive:kaif
depends_on:
- metastore
restart: unless-stopped
container_name: hiveserver2
environment:
HIVE_SERVER2_THRIFT_PORT: 10000
SERVICE_OPTS: '-Dhive.metastore.uris=thrift://metastore:9083
 -Dhive.users.in.admin.role=hive
 -Dhive.security.metastore.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly
 -Dhive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory
 -Dhive.security.authorization.enabled=true'
 IS_RESUME: 'true'
 SERVICE_NAME: 'hiveserver2'
 ports:
- '10000:10000'
 - '10002:10002'
 volumes:
- warehouse:/opt/hive/data/warehouse
networks:
- hive

volumes:
hive-db:
warehouse:

networks:
hive:
name: hive

DianaTorres · ‎06-24-2024

@kaif Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our Hive experts @james_jones @Shmoo who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.@

Regards,

Diana Torres,
Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

smruti · ‎06-27-2024

@kaif This is non-Cloudera Hive you are testing. But let me share my two cents.

You are using 'org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory' as the auth manager.

You may want to use the following auth provider that enables you to use GRANT/REVOKE statements.

hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory

...and use:

GRANT ROLE admin TO USER kaif;

SET ROLE admin;

DianaTorres · ‎07-01-2024

@kaif Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.

Regards,

Diana Torres,
Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

Support Questions

Not able to enable authorization in hive.