Hi all,
I've been struggling with getting Hive authorization to work for a few
hours, and I really hope someone can help me. I installed Hive 0.7.1
on top of Hadoop 0.20.203. I'm using mysql for the metastore, and
configured Hive to enable authorization:
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
<description>enable or disable the hive client authorization</description>
</property>
I kept all the other Hive security configs with their default settings.
I'm running in pseudo-distributed mode on a single node. HDFS, the Hive
metastore and the Hive CLI are all running as the same user (the HDFS
superuser). Here are the sequence of steps that are causing me issues.
Without authorization everything works perfectly (creating, loading, selecting).
I've also tried creating and loading the table without authorization, granting
the select privilege at various levels (global, table, database), turning on
auth and performing the select, resulting in the same exception.
Any help with this would be greatly appreciated!
Thanks,
Alex
--
[hduser@aholmes-desktop ~]$ hive
Hive history file=/tmp/hduser/hive_job_log_hduser_201108162158_1976573160.txt
hive> set hive.security.authorization.enabled=false;
hive> grant all to user hduser;
OK
Time taken: 0.233 seconds
hive> set hive.security.authorization.enabled=true;
hive> CREATE TABLE pokes3 (foo INT, bar STRING);
FAILED: Hive Internal Error:
org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException:
get_privilege_set failed: unknown result)
org.apache.hadoop.hive.ql.metadata.HiveException:
org.apache.thrift.TApplicationException: get_privilege_set failed:
unknown result
at
org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617)
at
org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201)
at
org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226)
at
org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:89)
at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:433)
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:393)
at org.apache.hadoop.hive.ql.Driver.run(Driver.java:736)
at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:164)
at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:241)
at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:456)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.hadoop.util.RunJar.main(RunJar.java:156)
Caused by: org.apache.thrift.TApplicationException: get_privilege_set
failed: unknown result
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_privilege_set(ThriftHiveMetastore.java:2414)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_privilege_set(ThriftHiveMetastore.java:2379)
at
org.apache.hadoop.hive.metastore.HiveMetaStoreClient.get_privilege_set(HiveMetaStoreClient.java:1042)
at
org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1615)
... 14 more
