2013-09-05 78 views
1

我已經將Kerberos設置爲配置單元的安全模型,但我努力獲得權限。現在,用戶可以創建和刪除數據庫罰款,但不能創建一個表:Hive創建權限w /安全啓用

hive> show databases; 
OK 
cpenney 
default 
Time taken: 0.051 seconds, Fetched: 2 row(s) 
hive> drop database cpenney; 
OK 
Time taken: 0.098 seconds 
hive> create database cpenney; 
OK 
Time taken: 0.062 seconds 
hive> create table test (hostgroup STRING); 
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details. 
hive> show grant user cpenney on database cpenney; 
OK 
Time taken: 0.016 seconds 
hive> grant all on database cpenney to user cpenney; 
OK 
Time taken: 0.022 seconds 
hive> show grant user cpenney on database cpenney; 
OK 

database  cpenney 
principalName cpenney 
principalType USER 
privilege  All 
grantTime  Thu Sep 05 11:07:59 EDT 2013 
grantor [email protected] 
Time taken: 0.02 seconds, Fetched: 7 row(s) 
hive> create table test (hostgroup STRING); 
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details. 

我使用以下設置(一些從這個貼刪減):

<property> 
    <name>hive.security.authorization.enabled</name> 
    <value>true</value> 
</property> 

<property> 
    <name>hive.security.authorization.createtable.owner.grants</name> 
    <value>ALL</value> 
</property> 

<property> 
    <name>hive.security.metastore.authorization.enabled</name> 
    <value>true</value> 
</property> 

<property> 
    <name>hive.metastore.authorization.storage.checks</name> 
    <value>true</value> 
</property> 

<property> 
    <name>hive.security.metastore.authorization.manager</name> 
    <value>org.apache.hadoop.hive.ql.security.authorization.DefaultHiveMetastoreAuthorizationProvider</value> 
</property> 

<property> 
    <name>hive.security.metastore.authenticator.manager</name> 
    <value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value> 
</property> 

它似乎並不像hive.security.authorization.createtable.owner.grants選項正在做任何事情。當我查看/ user/hive /倉庫時,文件由同一用戶擁有,所以看起來是正確的。

我使用的是hadoop 1.1.1和hive 0.11。

謝謝!

回答

3

設置hive.security.authorization.enabled爲FALSE

您可以授予創建您的用戶名。

瞭解更多詳情:Hive Authorization

感謝, SSP