Support Questions

OOoops GRANT SELECT ON TABLE logs TO USER bigotes WITH GRANT OPTION;

Hi:

I have this in /usr/hdp/2.3.2.0-2950/hive/conf/hive-site.xml

<property>
      <name>hive.security.authorization.enabled</name>
      <value>false</value>
    </property>

<property>
      <name>hive.security.authorization.createtable.owner.grants</name>
      <value>ALL</value>
      <description>the privileges automatically granted to the owner whenever a table gets created.
      </description>
    </property>

and I restarted all the hiveserver2

hive> GRANT SELECT ON TABLE logs TO USER bigotes WITH GRANT OPTION;
FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied: Principal [name=hive, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant] on Object [type=TABLE_OR_VIEW, name=default.logs]]

Any Suggestions??

Many many thanks

Whats the output of these 2 scripts

SHOW CURRENT ROLES;

SHOW ROLES;

hive> SHOW CURRENT ROLES;
OK
public
Time taken: 1.518 seconds, Fetched: 1 row(s)
hive> SHOW ROLES;
FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive is not allowed to list roles. User has to belong to ADMIN role and have it as current role, for this action.

You need to grant bigotes an ADMIN role but try the below method first

Here are the points:

1. You should change all setting with Ambari.

2. Don't change hive.metastore.uris-setting

3. Manually change hiveserver2-site.xml property of hive.security.authorization.manager

<property>

<name>hive.security.authorization.enabled</name>

<value>true</value>

</property>

<property>

<name>hive.security.authorization.manager</name> <value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory</value>

</property>

<property>

<name>hive.security.authenticator.manager</name> <value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>

</property>

<property>

<name>hive.metastore.uris</name>

<value>''</value>

</property>

<property>

<name>hive.conf.restricted.list</name> value>hive.security.authorization.enabled,hive.security.authorization.manager,hive.security.authenticator.manager</value> </property>

4. Copy hiveserver2-site.xml to /etc/hive/conf.server/

5. Restart hiveserver2

6. Use only beeline for SQL permissions

Hi:

After do this same error, here my xml file,

0: jdbc:hive2://lnxbig05.cajarural.gcr:10000> GRANT SELECT ON TABLE logs TO USER bigotes WITH GRANT OPTION;
Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied: Principal [name=hive, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant] on Object [type=TABLE_OR_VIEW, name=default.logs]] (state=08S01,code=1)

[hive@lnxbig05 conf.server]$ pwd
/etc/hive/conf/conf.server
[hive@lnxbig05 conf.server]$ cat hiveserver2-site.xml
    <configuration>
    <property>
      <name>hive.conf.restricted.list</name>
      <value>hive.security.authorization.enabled,hive.security.authorization.manager,hive.security.authenticator.manager</value>
    </property>
    <property>
      <name>hive.metastore.uris</name>
      <value>thrift://lnxbig05.cajarural.gcr:9083</value>
    </property>
    <property>
      <name>hive.security.authenticator.manager</name>
      <value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
    </property>
    <property>
      <name>hive.security.authorization.enabled</name>
      <value>true</value>
    </property>
    <property>
      <name>hive.security.authorization.manager</name>
      <value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory</value>
    </property>

@Roberto Sancho has this been addressed?