Column level permissions was added to Hive default authorization in HIVE-5837. That is why the TBL_COL_PRIV tables exists in the metastore. The problem with default auth is it isn't really secure, as anyone can grant anybody (including themselves) any privilege.

But Allen is correct that it doesn't work with the SQL Standard Authorization added in Hive 0.14. The only method using SQL standard auth out of the box is views. I believe using Apache Ranger (and maybe Apache Sentry, I'm not sure) with SQL standard auth you can get column level privileges.

Alan.

Nitin Pawar <mailto:[email protected]>
March 26, 2015 at 4:18
Column level security in hive was added at HIVE-5837 <https://issues.apache.org/jira/browse/HIVE-5837>

It has the PDF link for your readings.

https://cwiki.apache.org/confluence/display/Hive/AuthDev talks about setting column level permissions




--
Nitin Pawar
Allen <mailto:[email protected]>
March 26, 2015 at 4:09

Thanks for your replay.

If we handle the privileges by creating views, it will lead to lots of views in our database.

I found there is a table named TBL_COL_PRIV in hive metastore database, maybe this table is related to column privilege,but it is never used in hive. Anybody knew why?



--------------------------------


----- 原始邮件 -----
发件人:Daniel Haviv <[email protected]>
收件人:"[email protected]" <[email protected]>
主题:Re: how to set column level privileges
日期:2015年03月26日 18点42分

Create a view with the permitted columns and handle the privileges for it

Daniel

On 26 במרץ 2015, at 12:40, Allen <[email protected] <mailto:[email protected]>> wrote:

Reply via email to