You add the options to HiveServer2 Environment Advanced Configuration Snippet (Safety Valve) via:
HIVE_OPTS=--hiveconf hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory --hiveconf hive.security.authorization.enabled=true --hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator --hiveconf hive.metastore.uris='thrift://XXXXXX:9083' Works fine. Rob On Tue, May 9, 2017 at 3:59 PM, Rob Anderson <rockclimbings...@gmail.com> wrote: > Has anyone implemented SQL Standard Based Hive Authorization with CDH > 5.5.2 (hive1.1.0)? > > Cloudera has confirmed that it's not supported, but I have a need that > requires the implementation. > > I've followed: https://cwiki.apache.org/confl > uence/display/Hive/SQL+Standard+Based+Hive+Authorization > > I've added the following to "HiveServer2 Advanced Configuration Snippet > (Safety Valve) for hive-site.xml" via Cloudera Manager. > > <property> > > <name>hive.server2.enable.doAs</name> > > <value>false</value> > > </property> > > <property> > > <name>hive.users.in.admin.role</name> > > <value>oozie_runtime,hive,randerson</value> > > </property> > > <property> > > <name>hive.security.metastore.authorization.manager</name> > > <value>org.apache.hadoop.hive.ql.security.authorization. > MetaStoreAuthzAPIAuthorizerEmbedOnly</value> > > </property> > > <property> > > <name>hive.security.authorization.manager</name> > > <value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd. > SQLStdConfOnlyAuthorizerFactory</value> > > </property> > > <property> > > <name>hive.security.authorization.task.factory</name> > > <value>org.apache.hadoop.hive.ql.parse.authorization. > HiveAuthorizationTaskFactoryImpl</value> > > </property> > > > I've tried adding the following start up options to "HiveServer2 > Environment Advanced Configuration Snippet (Safety Valve)" via Cloudera > Manager. > > - -hiveconf hive.security.authorization.manager=org.apache.hadoop.hive. > ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory > > > - -hiveconf hive.security.authorization.enabled=true > - -hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive. > ql.security.SessionStateUserAuthenticator > - -hiveconf hive.metastore.uris=' ' > > > I get the following error: > > Could not parse: HiveServer2 Environment Advanced Configuration Snippet > (Safety Valve) : Could not parse parameter 'hive_hs2_env_safety_valve'. > Was expecting: valid variable name. Input: -hiveconf hive. > security.authorization.manager=org.apache.hadoop.hive. > ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory -hiveconf > hive.security.authorization.enabled=true -hiveconf hive. > security.authenticator.manager=org.apache.hadoop.hive. > ql.security.SessionStateUserAuthenticator -hiveconf hive.metastore.uris=' > ' > > So, in short - I'm not sure how to start hiveserver2 with those options. > Any help you can offer is appreciated. > > Thanks, > > Rob > > > > > > > > >
