I have a Hadoop cluster running CDH4 version. I am having issues giving privileges to users on hive. My requirement is for each linux user I need to create a database on hive and give access to only that user(or group). So other users should not be able to see those tables or do anything with them. I already have separate folders in HDFS for each user with selective permissions. Here is what I have done:
- My Hive is connected to oracle 11g as its metastore. The tables are all created. - Modify /etc/hive/conf/hive-site.xml and make set "hive.security.authorization.enabled" = true. Also "hive.security.authorization.createtable.owner.grants" = All. - Created Linux users demo1 & demo2 with same group name i.e. demo1 & demo2 Logged in hive prompt as root, and created 2 databases demo1db & demo2db. - Created 2 roles, demo1_role & demo2_role Assigned the groups to the role i.e. demo1 group belongs to demo1_role & demo2 group belongs to demo2_role. - Grant "All" to demo1db to demo1_role and demo2db to demo2_role - Login as demo1 and get into the hive prompt. Create table demo1db.table1. - Login as demo2 and get into hive prompt. Drop table demo1db.table1. *And it allows to drop !!!!.*Though it cannot delete the associated data in HDFS as demo2 does not have access to the folder that demo1 controls. The table is dropped from metastore. The same happens when I create table with demo2 user and demo1 is able to drop it. What have I done wrong? Also I noticed that when I do "show tables;" under demo1, it does not show anything? Any suggestions? Regards, Rahul Sarma
