Home Forums Security HDP Advanced Security – hive connector

This topic contains 4 replies, has 2 voices, and was last updated by  Krzysztof Adamski 3 months, 3 weeks ago.

  • Creator
    Topic
  • #57600

    Krzysztof Adamski
    Participant

    I am struggling to make advanced security work with hive. I wonder if there is a mistake in the documentation.
    Point 4.2.3.2 Configure Hive

    Property name: hive.security.authorization.manager change from org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider to org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider

    Looks exactly the same. Which authorization provider should be chosen here?

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

  • Author
    Replies
  • #58144

    Krzysztof Adamski
    Participant

    Yes. The value for this property is set as expected.
    Nevertheless we are now struggling making kerberos work and since it is really difficult for a beginner to debug this Advanced Security (connection problem error, any details?) we will go rather with standard ACLs in HDFS and roles in hive.

    We will get back to this tool in future.

    Logging initialized using configuration in file:/etc/hive/conf.dist/hive-log4j.properties
    hive> show databases;
    [EL Warning]: metadata: 2014-07-31 07:16:02.298–ServerSession(256152745)–Class [com.xasecure.audit.entity.XXBaseAuditEvent] specifies discriminatorType=INTEGER and uses [XXBaseAuditEvent] as the discriminatorValue. That value cannot be converted to an integer. We will attempt to use this value in String format.
    OK
    default
    Time taken: 3.391 seconds, Fetched: 1 row(s)

    Collapse
    #58133

    Don Bosco Durai
    Participant

    Can you check your hive.server2.custom.authentication.class property in Ambari? It should be com.xasecure.authentication.hive.LoginNameAuthenticator

    Collapse
    #57704

    Krzysztof Adamski
    Participant

    Thanks. The agent is now connected.
    However I get an error when starting hive. Any ideas?

    [EL Warning]: metadata: 2014-07-23 11:44:09.354–ServerSession(2076218862)–Class [com.xasecure.audit.entity.XXBaseAuditEvent] specifies discriminatorType=INTEGER and uses [XXBaseAuditEvent] as the discriminatorValue. That value cannot be converted to an integer. We will attempt to use this value in String format.
    FAILED: RuntimeException org.apache.hadoop.hive.ql.metadata.HiveException: java.lang.ClassCastException: com.xasecure.authorization.hive.authorizer.XaSecureAuthorizer cannot be cast to org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider

    Collapse
    #57658

    Don Bosco Durai
    Participant

    Apologize for the typo. We will fix the document.

    Here is the value you need to use:

    com.xasecure.authorization.hive.authorizer.XaSecureAuthorizer

    If you copy/pasting values from the PDF document, then make sure you there are no spaces between word (e.g. with a class path)

    Collapse
Viewing 4 replies - 1 through 4 (of 4 total)