Data Access
Also available as:
PDF
loading table of contents...

Configuring SQL Standard-Based Authorization

Prerequisite

You must have permission to run Hive commands as admin.

Steps

Use the following procedure to configure SQL standard-based authorization for Hive:

  1. Set the following configuration properties in the hive-site.xml file to enable SQL standard-based authorization.

    • hive.server2.enable.doAs

      Allows Hive queries to be run by the user who submits the query, rather than by the hive user. Must be set to false for SQL standard-based authorization.

    • hive.users.in.admin.role

      Comma-separated list of users assigned to the admin role.

  2. Grant the ADMIN privilege to the admin role:

    GRANT admin TO USER hiveadmin;

  3. Start HiveServer2 with the following command-line option settings:

    Command line option

    Required value

    hive.security.authorization.manager

    org.apache.hadoop.hive.ql.security.authorization.plugin.sql

    hive.security.authorization.enabled

    true

    hive.security.authenticator.manager

    org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator

    hive.metastore.uris

    "" (Quotation marks surrounding a single empty space)

    These properties appear in the following snippet of the hive-site.xml file:

    <property>
     <name>hive.security.authorization.manager</name> 
     <value>org.apache.hadoop.hive.ql.security.authorization.plugin.sql</ value>
    </property>
    
    <property>
     <name>hive.security.authorization.enabled</name>
     <value>true</value>
    </property>
    
    <property>
     <name>hive.security.authenticator.manager</name>
     <value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
    </property>
    
    <property>
     <name>hive.metastore.uris</name>
     <value>""</value>
    </property>