我以pawel用户身份登录。在hive shell中,我在数据库中创建了一个数据库pawel_db和一个test_table,并用一行数据填充它。这是ls向我展示的内容:
[pawel@sandbox ~]$ hadoop fs -ls /apps/hive/warehouse
Found 6 items
drwxr-xr-x - pawel hdfs 0 2014-07-14 07:29 /apps/hive/warehouse/pawel_db.db
[...]
在shell中:
[pawel@sandbox ~]$ hive -e "use pawel_db; select * from test_table"
Logging initialized using configuration in file:/etc/hive/conf.dist/hive-log4j.properties
OK
Time taken: 9.926 seconds
OK
777
Time taken: 5.243 seconds, Fetched: 1 row(s)
一切似乎都很好。当我想通过jdbc进行一些查询时,问题就开始了:
Connection con = DriverManager.getConnection("jdbc:hive2://" + hiveHostAddress + ":" + hiveHostPort + "/pawel_db", "pawel", "");
Statement stmt = con.createStatement();
stmt.execute("select * from test_table");
引发异常:
Caused by: java.sql.SQLException: Error while compiling statement: FAILED: HiveAccessControlException Permission denied. Principal [name=pawel, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=pawel_db.test_table] : [SELECT]
但是,在hive中执行后:
grant SELECT on table test_table to user pawel;
没有例外。我是否真的需要手动为数据库的所有者授予选择权限?这似乎不符合逻辑。
答案 0 :(得分:2)
先决条件 为了使用Hive授权,应该在hive-site.xml中设置两个参数:
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
<description>enable or disable the hive client authorization</description>
</property>
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
<value>ALL</value>
<description>the privileges automatically granted to the owner whenever a table gets created.
An example like "select,drop" will grant select and drop privilege to the owner of the table</description>
</property>