如何限制配置单元用户仅查看配置为与基于SQL Standard的配置单元授权一起使用的配置单元中的已授予架构?
通过限制,我的意思是删除用户未授予列表架构的权限的权限,未授予用户(显示架构;)的权限,并且不允许其他架构中的描述表(使用other_schema;描述表);
hive-site.xml
hive.security.authorization.enabled: true
hive.server2.enable.doAs: false
hive.users.in.admin.role: hive
hiveserver2-site.xml
hive.security.authorization.manager:
org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
hive.security.authorization.enabled: true
hive.security.authenticator.manager:
org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
配置模式和表
CREATE SCHEMA db_test1;
CREATE EXTERNAL TABLE db_test1.test_table_1 (title STRING, comment_count INT)
LOCATION 's3a://bucket/hive/test1/test_table_1';
CREATE SCHEMA db_test2;
CREATE EXTERNAL TABLE db_test2.test_table_2 (title STRING, comment_count INT)
LOCATION 's3a://bucket/hive/test2/test_table_2';
赠予
create role test1;
create role test2;
grant select on table db_test1.test_table_1 to role test1;
grant select on table db_test2.test_table_2 to role test2;
GRANT SELECT ON DATABASE db_test1 TO ROLE test1_role;
GRANT SELECT ON DATABASE db_test2 TO ROLE test2_role;
grant role test1 to user test1;
grant role test2 to user test1;