Hi Team,
Per the documentation for Hive Storage based authorization in Hive, it has
2 uses:
1. Metastore side authorization
2. Client side authorization
I have some questions because after enabling client side authorization by
adding below configurations in hive-site.xml on client side, I
got NullPointerException when querying talbes.However I can run “show
tables” without issue.
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
</property>
hive> select * from testorc limit 1;
FAILED: NullPointerException null
>From hive.log:
2015-01-16 14:29:55,157 ERROR ql.Driver (SessionState.java:printError(419))
- FAILED: NullPointerException null
java.lang.NullPointerException
at
org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider.authorize(StorageBasedAuthorizationProvider.java:173)
at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:699)
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:507)
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:351)
at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:977)
at org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:1020)
at org.apache.hadoop.hive.ql.Driver.run(Driver.java:913)
at org.apache.hadoop.hive.ql.Driver.run(Driver.java:903)
at org.apache.hadoop.hive.cli.CliDriver.processLocalCmd(CliDriver.java:268)
at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:220)
at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:422)
at org.apache.hadoop.hive.cli.CliDriver.executeDriver(CliDriver.java:790)
at org.apache.hadoop.hive.cli.CliDriver.run(CliDriver.java:684)
at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:623)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hadoop.util.RunJar.main(RunJar.java:197)
1. Can we setup SBAP on both client side and also metastore side?
2. If so, which configuration needed on each side?
Per
https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server
,
My understanding is:
Put below 2 parameters in hive-site.xml on metastore side:
hive.metastore.pre.event.listeners
hive.security.metastore.authorization.manager
Per
https://cwiki.apache.org/confluence/display/HCATALOG/Storage+Based+Authorization
, put below 2 parameters in hive-site.xml on client side:
hive.security.authorization.enabled
hive.security.authorization.manager
Am I right?
3. Can I use only client side SBAP or only metastore side SBAP?
4. Any ideas on above error message?
Thanks!
--
Thanks,
www.openkb.info
(Open KnowledgeBase for Hadoop/Database/OS/Network/Tool)
