1
我已经将Kerberos设置为配置单元的安全模型,但我努力获得权限。现在,用户可以创建和删除数据库罚款,但不能创建一个表:Hive创建权限w /安全启用
hive> show databases;
OK
cpenney
default
Time taken: 0.051 seconds, Fetched: 2 row(s)
hive> drop database cpenney;
OK
Time taken: 0.098 seconds
hive> create database cpenney;
OK
Time taken: 0.062 seconds
hive> create table test (hostgroup STRING);
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details.
hive> show grant user cpenney on database cpenney;
OK
Time taken: 0.016 seconds
hive> grant all on database cpenney to user cpenney;
OK
Time taken: 0.022 seconds
hive> show grant user cpenney on database cpenney;
OK
database cpenney
principalName cpenney
principalType USER
privilege All
grantTime Thu Sep 05 11:07:59 EDT 2013
grantor [email protected]
Time taken: 0.02 seconds, Fetched: 7 row(s)
hive> create table test (hostgroup STRING);
Authorization failed:No privilege 'Create' found for outputs { database:cpenney}. Use show grant to get more details.
我使用以下设置(一些从这个贴删减):
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
<value>ALL</value>
</property>
<property>
<name>hive.security.metastore.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.metastore.authorization.storage.checks</name>
<value>true</value>
</property>
<property>
<name>hive.security.metastore.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.DefaultHiveMetastoreAuthorizationProvider</value>
</property>
<property>
<name>hive.security.metastore.authenticator.manager</name>
<value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value>
</property>
它似乎并不像hive.security.authorization.createtable.owner.grants选项正在做任何事情。当我查看/ user/hive /仓库时,文件由同一用户拥有,所以看起来是正确的。
我使用的是hadoop 1.1.1和hive 0.11。
谢谢!