我已经将kerberos设置为配置单元的安全模型,但是我正在努力获得正确的权限。现在,用户可以创建和删除数据库,但不能创建表:
hive> show databases;
OK
cpenney
default
Time taken: 0.051 seconds, Fetched: 2 row(s)
hive> drop database cpenney;
OK
Time taken: 0.098 seconds
hive> create database cpenney;
OK
Time taken: 0.062 seconds
hive> create table test ( hostgroup STRING );
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details.
hive> show grant user cpenney on database cpenney;
OK
Time taken: 0.016 seconds
hive> grant all on database cpenney to user cpenney;
OK
Time taken: 0.022 seconds
hive> show grant user cpenney on database cpenney;
OK
database cpenney
principalName cpenney
principalType USER
privilege All
grantTime Thu Sep 05 11:07:59 EDT 2013
grantor cpenney@REALM.COM
Time taken: 0.02 seconds, Fetched: 7 row(s)
hive> create table test ( hostgroup STRING );
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details.
我正在使用以下设置(从该粘贴中删除了一些设置):
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
<value>ALL</value>
</property>
<property>
<name>hive.security.metastore.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.metastore.authorization.storage.checks</name>
<value>true</value>
</property>
<property>
<name>hive.security.metastore.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.DefaultHiveMetastoreAuthorizationProvider</value>
</property>
<property>
<name>hive.security.metastore.authenticator.manager</name>
<value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value>
</property>
hive.security.authorization.createtable.owner.grants选项似乎什么都没有做。当我在/user/hive/warehouse中查看文件时,该文件是由同一个用户拥有的,所以这似乎是正确的。
我正在使用hadoop1.1.1和hive0.11。
谢谢!
1条答案
按热度按时间qoefvg9y1#
将hive.security.authorization.enabled设置为false
您可以将create授予您的用户名。
有关更多详细信息:配置单元授权
谢谢,ssp