Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

hive privileges on table vs database.

avatar
author-rank rakesh_nix08
Explorer

Created ‎02-01-2017 04:11 PM

Whats the difference between granting privileges on tables and granting privileges on a databases.

Example:

By granting below privileges on a table for a user, the user would be able to insert, update etc on a table.

grant insert,update,delete,select on table test01 to user user1;

Now, what would be the use of granting below insert, delete etc privileges on a database for a user ?. As in a database, we can only create and delete tables but we can't insert/update in databases.

grant insert,update,delete,select on database db1 to user user1;

And, does by granting insert, delete etc privileges on a database for a user, will the user be getting those privileges on all the objects in that database ?

30,071 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank divakarreddy_a
Guru

Created ‎02-01-2017 04:38 PM

@rakesh kumar

I hope this will help you.

if you are an admin, you need to have full access on data base and tables as well to create,drop,update,alter tables. Even if you want to drop DB you should able to do it.

if you are a developer, you will get limited access to do only your work at tables level.

View solution in original post

15,844 Views
4 REPLIES 4

avatar
author-rank divakarreddy_a
Guru

Created ‎02-01-2017 04:38 PM

@rakesh kumar

I hope this will help you.

if you are an admin, you need to have full access on data base and tables as well to create,drop,update,alter tables. Even if you want to drop DB you should able to do it.

if you are a developer, you will get limited access to do only your work at tables level.

15,845 Views

avatar
author-rank icocio author-rank
Expert Contributor

Created ‎02-01-2017 05:10 PM

@rakesh kumar

You can enforce authorization at any level in hive using Apache Ranger

Please have a look

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/overview_ranger_ambari_i...

15,844 Views

avatar
author-rank Shelton
Master Mentor

Created ‎02-01-2017 05:16 PM

@rakesh kumar

Granting insert,update,delete,select on table x to user1 is more granular level security there are usually many application users with different levels of privileges accessing the same table x in a database. I could run 

grant select on table x to user2 ;

this user will only have as the statements say ONLY select on tablex, Whereas the 

grant insert,update,delete,select on database db1 to user user1;

Gives user1 the precedent privileges to all tables in database db1.

To limit select ONLY to user2 I would run the below 

grant select on database db1 to user user2;

Having said that database management is easier using roles otherwise management of user privileges can become a headache.

15,844 Views

avatar
author-rank sreeviswa_athic
Super Collaborator

Created ‎02-22-2017 01:23 AM

granting insert/delete privileges on a database for a User will let the User have similar privilege on all tables under the database. User can perform DML and DDL actions in that database.

15,844 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements