I created the mysql database (with the simple create database command)
and the remote metastore seemed to creat the mysql tables. Here's
some grant information and what I see in the database:
[hduser@aholmes-desktop conf]$ hive
hive> grant all to user hduser;
OK
Time taken: 0.334 seconds
hive> show grant user hduser;
OK
principalName hduser
principalType USER
privilege All
grantTime 1314191500
grantor hduser
Time taken: 0.046 seconds
hive> CREATE TABLE pokes (foo INT, bar STRING);
FAILED: Hive Internal Error:
org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException:
get_privilege_set failed: unknown result)
org.apache.hadoop.hive.ql.metadata.HiveException:
org.apache.thrift.TApplicationException: get_privilege_set failed:
unknown result
at
org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617)
at
org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201)
at
org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226)
at
org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:89)
...
mysql> use hive;
Database changed
mysql> select * from GLOBAL_PRIVS;
+---------------+-------------+--------------+---------+--------------+----------------+----------------+-----------+
| USER_GRANT_ID | CREATE_TIME | GRANT_OPTION | GRANTOR | GRANTOR_TYPE
| PRINCIPAL_NAME | PRINCIPAL_TYPE | USER_PRIV |
+---------------+-------------+--------------+---------+--------------+----------------+----------------+-----------+
| 1 | 1314191500 | 0 | hduser | USER
| hduser | USER | All |
+---------------+-------------+--------------+---------+--------------+----------------+----------------+-----------+
1 row in set (0.00 sec)
Thanks for your help,
Alex
On Tue, Aug 23, 2011 at 1:27 PM, yongqiang he <heyongqiang...@gmail.com> wrote:
> Have you created the metastore mysql tables for authorization? Can u
> do a show grant?
>
> thanks
> yongqiang
> On Tue, Aug 16, 2011 at 2:55 PM, Alex Holmes <grep.a...@gmail.com> wrote:
>> Hi all,
>>
>> I've been struggling with getting Hive authorization to work for a few
>> hours, and I really hope someone can help me. I installed Hive 0.7.1
>> on top of Hadoop 0.20.203. I'm using mysql for the metastore, and
>> configured Hive to enable authorization:
>>
>> <property>
>> <name>hive.security.authorization.enabled</name>
>> <value>true</value>
>> <description>enable or disable the hive client authorization</description>
>> </property>
>>
>> I kept all the other Hive security configs with their default settings.
>>
>> I'm running in pseudo-distributed mode on a single node. HDFS, the Hive
>> metastore and the Hive CLI are all running as the same user (the HDFS
>> superuser). Here are the sequence of steps that are causing me issues.
>> Without authorization everything works perfectly (creating, loading,
>> selecting).
>> I've also tried creating and loading the table without authorization,
>> granting
>> the select privilege at various levels (global, table, database), turning on
>> auth and performing the select, resulting in the same exception.
>>
>> Any help with this would be greatly appreciated!
>>
>> Thanks,
>> Alex
>>
>> --
>>
>> [hduser@aholmes-desktop ~]$ hive
>> Hive history file=/tmp/hduser/hive_job_log_hduser_201108162158_1976573160.txt
>> hive> set hive.security.authorization.enabled=false;
>> hive> grant all to user hduser;
>> OK
>> Time taken: 0.233 seconds
>> hive> set hive.security.authorization.enabled=true;
>> hive> CREATE TABLE pokes3 (foo INT, bar STRING);
>> FAILED: Hive Internal Error:
>> org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException:
>> get_privilege_set failed: unknown result)
>> org.apache.hadoop.hive.ql.metadata.HiveException:
>> org.apache.thrift.TApplicationException: get_privilege_set failed:
>> unknown result
>> at
>> org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617)
>> at
>> org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201)
>> at
>> org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226)
>> at
>> org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:89)
>> at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:433)
>> at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:393)
>> at org.apache.hadoop.hive.ql.Driver.run(Driver.java:736)
>> at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:164)
>> at
>> org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:241)
>> at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:456)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at org.apache.hadoop.util.RunJar.main(RunJar.java:156)
>> Caused by: org.apache.thrift.TApplicationException: get_privilege_set
>> failed: unknown result
>> at
>> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_privilege_set(ThriftHiveMetastore.java:2414)
>> at
>> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_privilege_set(ThriftHiveMetastore.java:2379)
>> at
>> org.apache.hadoop.hive.metastore.HiveMetaStoreClient.get_privilege_set(HiveMetaStoreClient.java:1042)
>> at
>> org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1615)
>> ... 14 more
>>
>
