THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
See details in the HCatalog Storage Based Authorization document.
Starting in hive Hive 0.14, storage based authorization authorizes read privilege on database and tables. The get_database api call needs database directory read privilege. The get_table_* calls that fetch table information and get_partition_* calls to list the partitions of a table require read privilege on the table directory. It is enabled by default with Storagebased storage based authorization. Set See hive.security.metastore.authorization.auth.reads in the next section on configuration.
...
hive.metastore.pre.event.listenersSet to
org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener.This turns on metastore-side security.
hive.security.metastore.authorization.managerSet to
org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProviderStorageBasedAuthorizationProvider.This tells Hive which metastore-side authorization provider to use. The default setting uses
DefaultHiveMetastoreAuthorizationProvider, which implements the standard Hive grant/revoke model. To use an HDFS permission-based model (recommended) to do your authorization, useStorageBasedAuthorizationProvideras instructed above.Info title Versions 0.10.0 and 0.12.0 The
StorageBasedAuthorizationProviderwas introduced in Hive 0.10.0, running on the metastore side only (HIVE-3705). Starting in Hive 0.12.0 it also runs on the client side (HIVE-5048 and HIVE-5402).
hive.security.metastore.authenticator.manager
Set to
org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator.
hive.security.metastore.authorization.auth.reads
When this is set to true, hive Hive metastore authorization also checks for read access. It is set to true by default. Read authorization checks were introduced in hive Hive 0.14.0.
Sample hive-site.xml: Default Settings
...