You might find my slides on this topic useful - http://www.slideshare.net/thejasmn/hive-authorization-models
Also linked from last slide - https://cwiki.apache.org/confluence/display/HCATALOG/Storage+Based+Authorization On Tue, Sep 17, 2013 at 11:46 PM, Nitin Pawar <nitinpawar...@gmail.com> wrote: > The link I gave in previous mail explains how can you user level > authorizations in hive. > > > > On Mon, Sep 16, 2013 at 7:57 PM, <shouvanik.hal...@accenture.com> wrote: >> >> Hi Nitin, >> >> >> >> I want it secured. >> >> >> >> Yes, I would like to give specific access to specific users. E.g. “select >> * from” access to some and “add/modify/delete” options to some >> >> >> >> >> >> “What kind of security do you have on hdfs? “ >> >> I could not follow this question >> >> >> >> Thanks, >> >> Shouvanik >> >> From: Nitin Pawar [mailto:nitinpawar...@gmail.com] >> Sent: Monday, September 16, 2013 6:50 PM >> To: Haldar, Shouvanik >> Cc: user@hive.apache.org >> Subject: Re: User accounts to execute hive queries >> >> >> >> You will need to tell few more things. >> >> Do you want it secured? >> >> Do you distinguish users in different categories on what one particular >> user can do or not? >> >> What kind of security do you have on hdfs? >> >> >> >> >> >> It is definitely possible for users to run queries on their own username >> but then you have to take few measures as well. >> >> which user can do what action. Which user can access what location on hdfs >> etc >> >> >> >> For user management on hive side you can read at >> https://cwiki.apache.org/Hive/languagemanual-authorization.html >> >> >> >> if you do not want to go through the secure way, >> >> then add all the users to one group and then grant permissions to that >> group on your warehouse directory. >> >> >> >> other way if the table data is not shared then, >> >> create individual directory for each user on hdfs and give only that user >> access to that directory. >> >> >> ________________________________ >> This message is for the designated recipient only and may contain >> privileged, proprietary, or otherwise confidential information. If you have >> received it in error, please notify the sender immediately and delete the >> original. Any other use of the e-mail by you is prohibited. >> >> Where allowed by local law, electronic communications with Accenture and >> its affiliates, including e-mail and instant messaging (including content), >> may be scanned by our systems for the purposes of information security and >> assessment of internal compliance with Accenture policy. >> >> >> ______________________________________________________________________________________ >> >> www.accenture.com > > > > > -- > Nitin Pawar -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
