This is a bug. Will open a jira to fix this. and will backport it to 0.7.1. https://issues.apache.org/jira/browse/HIVE-2405
thanks for reporting this one! On Wed, Aug 24, 2011 at 6:25 AM, Alex Holmes <grep.a...@gmail.com> wrote: > I created the mysql database (with the simple create database command) > and the remote metastore seemed to creat the mysql tables. Here's > some grant information and what I see in the database: > > [hduser@aholmes-desktop conf]$ hive > hive> grant all to user hduser; > OK > Time taken: 0.334 seconds > hive> show grant user hduser; > OK > > principalName hduser > principalType USER > privilege All > grantTime 1314191500 > grantor hduser > Time taken: 0.046 seconds > hive> CREATE TABLE pokes (foo INT, bar STRING); > FAILED: Hive Internal Error: > org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException: > get_privilege_set failed: unknown result) > org.apache.hadoop.hive.ql.metadata.HiveException: > org.apache.thrift.TApplicationException: get_privilege_set failed: > unknown result > at > org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617) > at > org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201) > at > org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226) > at > org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:89) > ... > > mysql> use hive; > Database changed > mysql> select * from GLOBAL_PRIVS; > +---------------+-------------+--------------+---------+--------------+----------------+----------------+-----------+ > | USER_GRANT_ID | CREATE_TIME | GRANT_OPTION | GRANTOR | GRANTOR_TYPE > | PRINCIPAL_NAME | PRINCIPAL_TYPE | USER_PRIV | > +---------------+-------------+--------------+---------+--------------+----------------+----------------+-----------+ > | 1 | 1314191500 | 0 | hduser | USER > | hduser | USER | All | > +---------------+-------------+--------------+---------+--------------+----------------+----------------+-----------+ > 1 row in set (0.00 sec) > > > Thanks for your help, > Alex > > On Tue, Aug 23, 2011 at 1:27 PM, yongqiang he <heyongqiang...@gmail.com> > wrote: >> Have you created the metastore mysql tables for authorization? Can u >> do a show grant? >> >> thanks >> yongqiang >> On Tue, Aug 16, 2011 at 2:55 PM, Alex Holmes <grep.a...@gmail.com> wrote: >>> Hi all, >>> >>> I've been struggling with getting Hive authorization to work for a few >>> hours, and I really hope someone can help me. I installed Hive 0.7.1 >>> on top of Hadoop 0.20.203. I'm using mysql for the metastore, and >>> configured Hive to enable authorization: >>> >>> <property> >>> <name>hive.security.authorization.enabled</name> >>> <value>true</value> >>> <description>enable or disable the hive client authorization</description> >>> </property> >>> >>> I kept all the other Hive security configs with their default settings. >>> >>> I'm running in pseudo-distributed mode on a single node. HDFS, the Hive >>> metastore and the Hive CLI are all running as the same user (the HDFS >>> superuser). Here are the sequence of steps that are causing me issues. >>> Without authorization everything works perfectly (creating, loading, >>> selecting). >>> I've also tried creating and loading the table without authorization, >>> granting >>> the select privilege at various levels (global, table, database), turning on >>> auth and performing the select, resulting in the same exception. >>> >>> Any help with this would be greatly appreciated! >>> >>> Thanks, >>> Alex >>> >>> -- >>> >>> [hduser@aholmes-desktop ~]$ hive >>> Hive history >>> file=/tmp/hduser/hive_job_log_hduser_201108162158_1976573160.txt >>> hive> set hive.security.authorization.enabled=false; >>> hive> grant all to user hduser; >>> OK >>> Time taken: 0.233 seconds >>> hive> set hive.security.authorization.enabled=true; >>> hive> CREATE TABLE pokes3 (foo INT, bar STRING); >>> FAILED: Hive Internal Error: >>> org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException: >>> get_privilege_set failed: unknown result) >>> org.apache.hadoop.hive.ql.metadata.HiveException: >>> org.apache.thrift.TApplicationException: get_privilege_set failed: >>> unknown result >>> at >>> org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617) >>> at >>> org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201) >>> at >>> org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226) >>> at >>> org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:89) >>> at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:433) >>> at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:393) >>> at org.apache.hadoop.hive.ql.Driver.run(Driver.java:736) >>> at >>> org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:164) >>> at >>> org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:241) >>> at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:456) >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> at >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>> at >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>> at java.lang.reflect.Method.invoke(Method.java:597) >>> at org.apache.hadoop.util.RunJar.main(RunJar.java:156) >>> Caused by: org.apache.thrift.TApplicationException: get_privilege_set >>> failed: unknown result >>> at >>> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_privilege_set(ThriftHiveMetastore.java:2414) >>> at >>> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_privilege_set(ThriftHiveMetastore.java:2379) >>> at >>> org.apache.hadoop.hive.metastore.HiveMetaStoreClient.get_privilege_set(HiveMetaStoreClient.java:1042) >>> at >>> org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1615) >>> ... 14 more >>> >> >
