Versions Compared

Comment: doc hive.conf.restricted.list and put it & hive.security.command.whitelist in new section

...

Authentication/Authorization

Restricted List and Whitelist

hive.

...

conf.

...

restricted.

...

list
  • Default Value:

...

  • (empty, but includes this list implicitly)
  • Added In:

...

Comma separated list of configuration properties which are immutable at runtime. For example, if

Enable or disable the Hive client authorization.

hive.security.authorization.

...

enabled is set to true, it should be included in this list to prevent a client from changing it to false at runtime.
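
Review bot: The default value given for hive.conf.restricted.list, "(empty, but includes this list implicitly)", is ambiguous about what "this list" refers to. If the meaning is that the property itself is always treated as restricted, name it explicitly, for example "(empty, but hive.conf.restricted.list itself is implicitly included)". The description would also be easier to act on if it said what a client sees when it tries to set a restricted property at runtime.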

hive.security.command.whitelist
  • Default Value: set,reset,dfs,add,delete
  • Added In: Hive 0.13.0 with HIVE-5400

Comma separated list of non-SQL Hive commands that users are authorized to execute. This can be used to restrict the set of authorized commands. The currently supported command list is "set,reset,dfs,add,delete" and by default all these commands are authorized. To restrict any of these commands, set hive.security.command.whitelist to a value that does not have the command in it.
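
Review bot: The hive.security.command.whitelist description does not say how it interacts with hive.conf.restricted.list, which is documented in the same section. Since "set" is in the default whitelist, a reader will want to know whether the whitelist property itself has to be added to the restricted list so that a client cannot change it at runtime. Suggest one sentence stating that, plus a short example value with one command left out.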

 

Hive Client Security

hive.security.authorization.enabled
  • Default Value: false
  • Added In:

Enable or disable the Hive client authorization

  • Default Value: org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider
  • Added In:

The Hive client authorization manager class name. The user defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider.

hive.security.authenticator.manager
  • Default Value: org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator
  • Added In:

Hive client authenticator manager class name. The user-defined authenticator should implement interface org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider.

hive.security.authorization.createtable.user.grants
  • Default Value: (empty)
  • Added In:

The privileges automatically granted to some users whenever a table gets created. An example like "userX,userY:select;userZ:create" will grant select privilege to userX and userY, and grant create privilege to userZ whenever a new table created.

hive.security.authorization.

...

manager
  • Default Value: (empty) org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider
  • Added In:

The privileges automatically granted to some groups whenever a table gets created. An example like "groupX,groupY:select;groupZ:create" will grant select privilege to groupX and groupY, and grant create privilege to groupZ whenever a new table created.

hive.security.authorization.createtable.role.grants
  • Default Value: (empty)
  • Added In:

Hive client authorization manager class name. The user defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider.

hive.security.authenticator.manager
  • Default Value: org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator
  • Added In:

Hive client authenticator manager class name. The user-defined authenticator should implement interface org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider.

hive.security.authorization.createtable.user.grants
  • Default Value: (empty)
  • Added In:

The privileges automatically granted to some users whenever a table gets created. An example like "userX,userY:select;userZThe privileges automatically granted to some roles whenever a table gets created. An example like "roleX,roleY:select;roleZ:create" will grant select privilege to roleX userX and roleYuserY, and grant create privilege to roleZ userZ whenever a new table created.

hive.security.authorization.createtable.

...

group.grants
  • Default Value: (empty)
  • Added In:

The privileges automatically granted to the owner some groups whenever a table gets created. An example like "select,dropgroupX,groupY:select;groupZ:create" will grant select and drop privilege to the owner of the tableprivilege to groupX and groupY, and grant create privilege to groupZ whenever a new table created.

hive.security.

...

authorization.createtable.role.grants
  • Default Value: set,reset,dfs,add,delete(empty)
  • Added In: Hive 0.13.0 with HIVE-5400

The privileges automatically granted to some roles whenever a table gets created. An example like "roleX,roleY:select;roleZ:create" will grant select privilege to roleX and roleY, and grant create privilege to roleZ whenever a new table created.

hive.security.authorization.createtable.owner.grants
  • Default Value: (empty)
  • Added In:

The privileges automatically granted to the owner whenever a table gets created. An example like "select,drop" will grant select and drop privilege to the owner of the tableComma separated list of non-SQL Hive commands that users are authorized to execute. This can be used to restrict the set of authorized commands. The currently supported command list is "set,reset,dfs,add,delete" and by default all these commands are authorized. To restrict any of these commands, set hive.security.command.whitelist to a value that does not have the command in it.
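
Review bot: The createtable.user.grants, createtable.group.grants and createtable.role.grants descriptions in this section all end with "whenever a new table created", which is missing a verb. While these entries are being touched, change it to "whenever a new table is created" in each of them.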

Hive Metastore Security

hive.security.metastore.authorization.manager

...