Enable the authorization option. It defaults to false; the authorization operations below all assume it is set to true.
set hive.security.authorization.enabled=true;
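========================User-based authorization===============================
Get the current user
set system:user.name;
Grant permission to drop tables in a given database
grant drop on database db_1 to user yuzt;
Grant permission to create tables in a given database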
GRANT CREATE ON DATABASE db_1 TO USER yuzt;
Grant permission to query a table
grant select on table db_1.t3 to user yuzt;
Show which privileges a user holds on a given database
SHOW GRANT USER yuzt on DATABASE db_1;
Result:
hive> SHOW GRANT USER yuzt on DATABASE db_1;
OK
db_1 yuzt USER CREATE false 1464055421000 yuzt
db_1 yuzt USER DROP false 1464055458000 yuzt
Revoke a privilege
hive> revoke create on database db_1 from user yuzt;
=========Group-based authorization (the groups are those defined on the Linux system; yuzt below is a group name)=========
grant select on table db_1.t3 to group yuzt;
Note: the following commands show which groups exist on the current system
less /etc/passwd
getent group | awk -F: '{print $1}'
=================Role-based authorization===============================
Create a role
hive> create role create_on_db_1;
Grant the role privileges on a database object
grant create on database db_1 to role create_on_db_1;
Grant the role to a user
grant role create_on_db_1 to user yuzt;
hive.security.authorization.createtable.owner.grants
This option specifies which privileges the owner automatically receives once a table has been created. The default is null.
Grant all privileges to the table's creator
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
<value>ALL</value>
<description>
The privileges automatically granted to the owner whenever a table gets created. An example like "select,drop" will grant select and drop privilege to the owner of the table
</description>
</property>
Grant some default privileges to specific users
<property>
<name>hive.security.authorization.createtable.user.grants</name>
<value>admin1,edward:select;user1:create</value>
</property>
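The two createtable properties above silently attach privileges to every newly created table, so it helps to expand them into a per-principal list when reviewing a hive-site.xml. The following Python audit sketch is an added example, not part of the original post or of Hive itself; the function names are hypothetical, the sample config is constructed from the values shown above, and the grammar of the user.grants value (entries separated by ";", each "principals:privileges" with comma-separated lists) is an assumption inferred from that sample value.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

PREFIX = "hive.security.authorization.createtable."

# Constructed sample config, built from the two property values shown on this page.
SAMPLE_HIVE_SITE = """<configuration>
  <property>
    <name>hive.security.authorization.createtable.owner.grants</name>
    <value>
      ALL
    </value>
  </property>
  <property>
    <name>hive.security.authorization.createtable.user.grants</name>
    <value>admin1,edward:select;user1:create</value>
  </property>
</configuration>"""

def parse_grant_map(value):
    """'admin1,edward:select;user1:create' -> {'admin1': {'SELECT'}, ...} (assumed grammar)."""
    grants = defaultdict(set)
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        principals, sep, privileges = entry.partition(":")
        privs = {p.strip().upper() for p in privileges.split(",") if p.strip()}
        names = [n.strip() for n in principals.split(",") if n.strip()]
        if not sep or not privs or not names:
            raise ValueError(f"malformed grant entry: {entry!r}")
        for name in names:
            grants[name] |= privs  # merge when a principal appears in several entries
    return dict(grants)

def audit_auto_grants(hive_site_xml):
    """Return (owner_privileges, per_user_grants, findings) for the createtable.* settings."""
    props = {}
    for p in ET.fromstring(hive_site_xml).iter("property"):
        # strip() also removes the line breaks of a <value> spread over several lines
        props[(p.findtext("name") or "").strip()] = (p.findtext("value") or "").strip()
    owner_raw = props.get(PREFIX + "owner.grants", "")
    owner = {x.strip().upper() for x in owner_raw.split(",") if x.strip()}
    users = parse_grant_map(props.get(PREFIX + "user.grants", ""))
    findings = []
    if "ALL" in owner:
        findings.append("owner: ALL on every table they create")
    for name, privs in sorted(users.items()):
        findings.append(f"user {name}: {','.join(sorted(privs))} on every new table")
    return owner, users, findings

if __name__ == "__main__":
    print("\n".join(audit_auto_grants(SAMPLE_HIVE_SITE)[2]))
```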
Reposted from bit1129.iteye.com/blog/2300361