1
我已經將Kerberos設置爲配置單元的安全模型,但我努力獲得權限。現在,用戶可以創建和刪除數據庫罰款,但不能創建一個表:Hive創建權限w /安全啓用
hive> show databases;
OK
cpenney
default
Time taken: 0.051 seconds, Fetched: 2 row(s)
hive> drop database cpenney;
OK
Time taken: 0.098 seconds
hive> create database cpenney;
OK
Time taken: 0.062 seconds
hive> create table test (hostgroup STRING);
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details.
hive> show grant user cpenney on database cpenney;
OK
Time taken: 0.016 seconds
hive> grant all on database cpenney to user cpenney;
OK
Time taken: 0.022 seconds
hive> show grant user cpenney on database cpenney;
OK
database cpenney
principalName cpenney
principalType USER
privilege All
grantTime Thu Sep 05 11:07:59 EDT 2013
grantor [email protected]
Time taken: 0.02 seconds, Fetched: 7 row(s)
hive> create table test (hostgroup STRING);
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details.
我使用以下設置(一些從這個貼刪減):
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
<value>ALL</value>
</property>
<property>
<name>hive.security.metastore.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.metastore.authorization.storage.checks</name>
<value>true</value>
</property>
<property>
<name>hive.security.metastore.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.DefaultHiveMetastoreAuthorizationProvider</value>
</property>
<property>
<name>hive.security.metastore.authenticator.manager</name>
<value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value>
</property>
它似乎並不像hive.security.authorization.createtable.owner.grants選項正在做任何事情。當我查看/ user/hive /倉庫時,文件由同一用戶擁有,所以看起來是正確的。
我使用的是hadoop 1.1.1和hive 0.11。
謝謝!