Points to note when enabling Sentry for Hive

This article does not cover configuration. To learn how to configure it, see https://blog.51cto.com/smilemask/2043930

1. ADD JAR is not available. The reason is that Sentry considers a third-party jar a way to bypass permissions and obtain whatever data you want. So how do you reference a jar when you really need one? CDH provides the parameter hive.reloadable.aux.jars.path, which serves as the new aux jar path: specify the lib directory, then upload the jar to HiveServer2. If a package name is duplicated, you can use the reload command to reload. And what should developers do when they need to test? Work around it by creating a function that does not exist. For example, to reference a json-serde package, execute the following in HQL:

    CREATE FUNCTION testfc AS 'test' USING JAR 'hdfs:///tmp/json-serde_jar_file.jar';

This statement reports an error, but HS2 will have referenced the jar, and you can then execute your SQL statements. For authorization, note that you need to grant on the URI.

2. Enable HDFS-Sentry synchronization. This is basically the second option to turn on once Sentry is enabled for Hive, so that permissions are restricted at both the SQL level and the file system level. Once it is on, the databases and tables under a synchronized directory you specify, such as /user/hive/warehouse, become hive:hive 771. Viewing them with hadoop fs -getfacl then shows the rights that specific users have on a database or table, and these are the same as the permissions set in Hive or Impala. When Sentry is rolled back, user and group permissions revert to their original settings. Note that new data added in HDFS, or permissions after HDFS synchronization is enabled, will be hive:hive 771, and this requires additional handling because users cannot view this data. If a table is at an external path such as /tmp/aaa/database/table and you add /tmp/aaa as an additional synchronized directory, the aaa directory itself does not get hive:hive 771 permissions; they become like that at the database level, because there are several locations that are Hive's default configured directories
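
One way to find the paths described in item 2 that remain plain hive:hive 771 and that a user therefore cannot view: parse hadoop fs -getfacl output and list the paths a given user cannot read. This is an added example, not code from the original post. The sample output, the user alice and the group analysts are constructed, and the check is a simplified form of the HDFS ACL evaluation order.

```python
# Added example (not from the original post). SAMPLE is constructed
# `hadoop fs -getfacl` output; all user, group and table names are hypothetical.
SAMPLE = """\
# file: /user/hive/warehouse/sales.db/orders
# owner: hive
# group: hive
user::rwx
group::rwx
group:analysts:r-x
mask::rwx
other::--x

# file: /user/hive/warehouse/sales.db/new_data
# owner: hive
# group: hive
user::rwx
group::rwx
other::--x
"""

def parse_getfacl(text):
    """Return {path: {"owner": str, "group": str, "entries": {(type, name): perms}}}."""
    acls, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("# file:"):
            cur = acls[line.split(":", 1)[1].strip()] = {"entries": {}}
        elif cur is not None and line.startswith(("# owner:", "# group:")):
            cur[line[2:7]] = line.split(":", 1)[1].strip()
        elif cur is not None and line and not line.startswith(("#", "default:")):
            kind, name, perms = line.split(":")[:3]
            cur["entries"][(kind, name)] = perms[:3]  # drop any "#effective" note
    return acls

def can_read(acl, user, groups):
    """Simplified HDFS ACL check order: owner, named user, groups, other."""
    e = acl["entries"]
    mask_r = e.get(("mask", ""), "rwx")[0] == "r"
    if user == acl.get("owner"):
        return e.get(("user", ""), "---")[0] == "r"
    if ("user", user) in e:
        return e[("user", user)][0] == "r" and mask_r
    names = set(groups) | ({""} if acl.get("group") in groups else set())
    matched = [p for (kind, name), p in e.items() if kind == "group" and name in names]
    if matched:  # a matching group entry decides; "other" is not consulted
        return mask_r and any(p[0] == "r" for p in matched)
    return e.get(("other", ""), "---")[0] == "r"

def unreadable_paths(text, user, groups):
    return [p for p, acl in parse_getfacl(text).items() if not can_read(acl, user, groups)]
```

Calling unreadable_paths(SAMPLE, "alice", {"analysts"}) returns only the new_data path, which is the case that needs the additional handling mentioned above.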

Origin blog.51cto.com/smilemask/2454693