Comment: Expanding introduction section

...

Table of Contents

Introduction

  • Client authorization (default Hive authorization): This is the first and default authorization implementation. It can be enabled in the Hive command line or in HiveServer2. However, when authorization is enabled in the Hive client, it can easily be disabled by the user. The authorization model used by this mode is also incomplete and, as a result, has some serious gaps in security. For example, there is no restriction on which user can run a grant statement.
  • Metastore server security (storage-based authorization): HDFS permissions provide access control for the data. Storage-based authorization in the Hive metastore provides access control for the Hive metadata. This authorization mode provides secure authorization for the Hive command line, for HCatalog users such as Pig and MapReduce, and for HiveServer2 users (when configured to run queries as the end user). However, the access control is at the database/table/partition level. It does not provide row- or column-level access control.
  • SQL standards based authorization (introduced in Hive 0.13.0): Provides access control to users who run queries via HiveServer2. It provides fine-grained access control at the row and column level through the use of views. It is not supported in the Hive command line. Use of storage-based authorization is recommended in conjunction with this mode, to provide authorization for the Hive command line or HCatalog (Pig/MapReduce) use cases.
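
The row- and column-level control through views mentioned for SQL standards based authorization can look like the following. This is an added example, not part of the original page; the database `sales`, the table `orders` and its columns, the role `emea_analyst` and the user `alice` are hypothetical.

```sql
-- Constructed example; all object, role and user names are hypothetical.
-- Run through HiveServer2 (for example with Beeline) with SQL standards
-- based authorization enabled, as a user listed as a Hive admin.
SET ROLE ADMIN;
USE sales;

-- Base table holds every region and a sensitive column (card_number).
-- No SELECT privilege on it is granted to analysts.

-- The view narrows both dimensions:
--   columns: card_number is left out of the select list
--   rows:    only EMEA orders pass the WHERE filter
CREATE VIEW orders_emea AS
SELECT order_id, order_date, customer_id, amount
FROM orders
WHERE region = 'EMEA';

-- Privileges are granted on the view only, via a role.
CREATE ROLE emea_analyst;
GRANT SELECT ON TABLE orders_emea TO ROLE emea_analyst;
GRANT emea_analyst TO USER alice;

-- Checks an administrator would run afterwards:
-- the role should list SELECT on the view ...
SHOW GRANT ROLE emea_analyst ON TABLE orders_emea;
-- ... and nothing on the base table.
SHOW GRANT ROLE emea_analyst ON TABLE orders;
-- Also confirm that alice has no direct grant on the base table.
SHOW GRANT USER alice ON TABLE orders;
```

The view restricts only queries that go through HiveServer2; access from the Hive command line or HCatalog to the underlying files still has to be limited with storage-based authorization, as the list above recommends.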

Hive Client Authorization

...