THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Hive Authorization
...
| Table of Contents |
|---|
Disclaimer
...
- ALL - Gives users all privileges
- ALTER - Allows users to modify the metadata of an object
- UPDATE - Allows users to modify the physical data of an object
- CREATE - Allows users to create objects. For a database, this means users can create tables, and for a table, this means users can create partitions
- DROP - Allows users to drop objects
- INDEX - Allows users to create indexes on an object (Note: this is not currently implemented)
- LOCK - Allows users to lock or unlock tables when concurrency is enabled
- SELECT - Allows users to access data for objects
- SHOW_DATABASE - Allows users to view available databases
Grant/Revoke Privileges
| Code Block |
|---|
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
[ON object_type]
TO principal_specification [, principal_specification] ...
[WITH GRANT OPTION]
REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
[ON object_type priv_level]
FROM principal_specification [, principal_specification] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
object_type:
TABLE
| DATABASE
priv_level:
db_name
| tbl_name
|
Viewing Granted Privileges
| Code Block |
|---|
SHOW GRANT principal_specification
[ON object_type priv_level [(column_list)]]
|
Hive Operations and Required Privileges
As of the release of Hive 0.7, only these operations require permissions, according to org.apache.hadoop.hive.ql.plan.HiveOperation:
Operation | ALTER | UPDATE | CREATE | DROP | INDEX | LOCK | SELECT | SHOW_DATABASE |
LOAD |
| X |
|
|
|
|
|
|
EXPORT |
|
|
|
|
|
| X |
|
IMPORT | X | X |
|
|
|
|
|
|
CREATE TABLE |
|
| X |
|
|
|
|
|
CREATE TABLE AS SELECT |
|
| X |
|
|
| X |
|
DROP TABLE |
|
|
| X |
|
|
|
|
SELECT |
|
|
|
|
|
| X |
|
ALTER TABLE ADD COLUMN | X |
|
|
|
|
|
|
|
ALTER TABLE REPLACE COLUMN | X |
|
|
|
|
|
|
|
ALTER TABLE RENAME | X |
|
|
|
|
|
|
|
ALTER TABLE ADD PARTITION |
|
| X |
|
|
|
|
|
ALTER TABLE DROP PARTITION |
|
|
| X |
|
|
|
|
ALTER TABLE ARCHIVE |
| X |
|
|
|
|
|
|
ALTER TABLE UNARCHIVE |
| X |
|
|
|
|
|
|
ALTER TABLE SET PROPERTIES | X |
|
|
|
|
|
|
|
ALTER TABLE SET SERDE | X |
|
|
|
|
|
|
|
ALTER TABLE SET SERDE | X |
|
|
|
|
|
|
|
ALTER TABLE SET SERDEPROPERTIES | X |
|
|
|
|
|
|
|
ALTER TABLE CLUSTER BY | X |
|
|
|
|
|
|
|
ALTER TABLE PROTECT MODE | X |
|
|
|
|
|
|
|
ALTER PARTITION PROTECT MODE | X |
|
|
|
|
|
|
|
ALTER TABLE SET FILEFORMAT | X |
|
|
|
|
|
|
|
ALTER PARTITION SET FILEFORMAT | X |
|
|
|
|
|
|
|
ALTER TABLE SET LOCATION |
| X |
|
|
|
|
|
|
ALTER PARTITION SET LOCATION |
| X |
|
|
|
|
|
|
ALTER TABLE CONCATENATE |
| X |
|
|
|
|
|
|
ALTER PARTITION CONCATENATE |
| X |
|
|
|
|
|
|
SHOW DATABASES |
|
|
|
|
|
|
| X |
LOCK TABLE |
|
|
|
|
| X |
|
|
UNLOCK TABLE |
|
|
|
|
| X |
|
|