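Restrict users to granted schemas in Apache Hive (SQL Standard Based Hive Authorization)

Time: 2019-02-13 13:54:56

Tags: hive

How can I restrict a Hive user to see only the granted schemas in a Hive instance configured to use SQL Standard Based Hive Authorization?

By restricting, I mean removing the permission to list schemas the user has not been granted (show schemas;), and not allowing tables in other schemas to be described (use other_schema; describe table;).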

hive-site.xml

hive.security.authorization.enabled: true
hive.server2.enable.doAs: false
hive.users.in.admin.role: hive

hiveserver2-site.xml

hive.security.authorization.manager: org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
hive.security.authorization.enabled: true
hive.security.authenticator.manager: org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator

Configure schemas and tables

CREATE SCHEMA db_test1;
CREATE EXTERNAL TABLE db_test1.test_table_1 (title STRING, comment_count INT)
LOCATION 's3a://bucket/hive/test1/test_table_1';

CREATE SCHEMA db_test2;
CREATE EXTERNAL TABLE db_test2.test_table_2 (title STRING, comment_count INT)
LOCATION 's3a://bucket/hive/test2/test_table_2';

Grants

create role test1;
create role test2;
grant select on table db_test1.test_table_1 to role test1;
grant select on table db_test2.test_table_2 to role test2;
GRANT SELECT ON DATABASE db_test1 TO ROLE test1_role;
GRANT SELECT ON DATABASE db_test2 TO ROLE test2_role;
grant role test1 to user test1;
grant role test2 to user test1;

0 answers:

No answers