Support Questions
Find answers, ask questions, and share your expertise

grant all on database doesn't give grant on underneath tabled

grant all on database doesn't give grant on underneath tabled

New Contributor

hive: SQLStdAuth : grant all on database doesn't give grant on underneath table

 

hive: SQLStdAuth : grant all on database doesn't give grant on underneath table

1. create database testdb as hive user

2. created table in employee under testdb

3. Created user a123test

4. grant ALL on database testdb to user a123test;

5. Login form beeline as user a123test

6. selct count(*) from employee

above gives me

HiveAccessControlException Permission denied: Principal [name=a123test, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=testdb.employee]] (state=42000,code=40000)

7. If i do

grant insert,update,delete,select on table testdb.employee to user a123test;

then user a123test can select from employee table

 

My question is if I grant ALL at database level, why i have to give tabe level grant?

 

Is there any way I can give database level select/insert/Update instead of defining grant at each table level for user/role?

 
3 REPLIES 3
Highlighted

Re: grant all on database doesn't give grant on underneath tabled

Guru
Are you using Sentry or Hive's built-in authorization model?

The error message does not look like sentry to me.
Highlighted

Re: grant all on database doesn't give grant on underneath tabled

New Contributor

No its not related to sentry. This is when i am using stdsql authorization in hive configuration

Highlighted

Re: grant all on database doesn't give grant on underneath tabled

Guru
Hive's built-in authorization is not considered production ready and not supported by Cloudera. We could recommend to use Sentry instead:

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_sentry_service.html