Home Forums Hortonworks Sandbox Hive permissions in 2.1 Sandbox

Tagged: 

This topic contains 7 replies, has 4 voices, and was last updated by  Matt Tucker 2 months ago.

  • Creator
    Topic
  • #54373

    Alex K
    Participant

    Hi,

    I’m having issues using Hive on Sandbox 2.1 with JDBC driver. I’m using user “hue” and find that almost no permissions are set, but I am not able to give this user admin rights.

    I tried:
    1. Set general SELECT grant to user hue:

    hive> grant select to user hue;
    OK
    Time taken: 0.65 seconds
    hive> show grant user hue;
    OK
    hue USER Select false 1400792265000 root
    Time taken: 0.612 seconds, Fetched: 1 row(s)

    This doesn’t give me any select rights to a table like default.sample_08.

    2. Set table-specific select rights to user hue:
    hive> grant select on table sample_08 to user hue;
    OK
    Time taken: 0.474 seconds
    show grant user hue;
    OK
    Time taken: 0.639 seconds

    This gives me select rights on user hue, but for some reason the grant is not shown on “show grant” .

    3. Grant admin role to user hue

    hive> grant role admin to user hue;
    OK
    Time taken: 1.075 seconds
    hive> show role grant user hue;
    OK
    admin false 1400864190000 root
    public false 0
    Time taken: 0.686 seconds, Fetched: 2 row(s)

    This doesn’t seem to give user hue any additional privileges.

    4. Assign user hue admin rights in hive-site.xml configuration:

    Added the following lines inside hive-site.xml and restarted sandbox:

    <property>
    <name>hive.users.in.admin.role</name>
    <value>hue</value>
    </property>

    This also has no effect on the permissions of user hue.

    Now my questions:
    - What did I do wrong in the steps above, or are there bugs?
    - Are there any other hive admin users already configured in Sandbox 2.1?
    - Is there doc on the table output of the “show grant” commands? I’d like to know what the “false” and other number there indicate.

    Thanks!
    Alex

Viewing 7 replies - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

  • Author
    Replies
  • #57577

    Matt Tucker
    Participant

    It turns out that there’s a separate hive-site.xml file for the HiveServer2 in /etc/hive/conf.server/hive-site.xml

    Collapse
    #57085

    Hello,
    I have a problem with these permissions. And i have to add the Select permission to my user Hue. But could you please tell me where we are supposed to write this request : grant select to user hue;

    Thank you

    Collapse
    #54409

    Alex K
    Participant

    I also ran the set command in beeline:

    0: jdbc:hive2://localhost:10000> set;
    +——————————————————————————+

    | hive.security.authorization.enabled=true

    So for some reason the Hive configuration used by beeline and JDBC is using a different set of configuration properties than what’s set in hive-site.xml.

    Regards,
    Alex

    Collapse
    #54408

    Alex K
    Participant

    Hi Ian,

    I was unable to get this going. I started on a clean environment to make sure:

    1. Import clean Sandbox 2.1 OVA and start VM
    2. Login as root and edit /etc/hive/conf/hive-site.xml
    3. Change hive authorization entry to the following:
    <property>
    <name>hive.security.authorization.enabled</name>
    <value>false</value>
    </property>
    4. Restart sandbox VM
    5. Open Hue/Beeswax and check the Settings table; “hive.security.authorization.enabled false” is shown.
    6. Open beeline and try the following:

    [root@sandbox etc]# beeline
    Beeline version 0.13.0.2.1.1.0-385 by Apache Hive
    beeline> !connect jdbc:hive2://localhost:10000 hue xxx org.apache.hive.jdbc.HiveDriver
    Connecting to jdbc:hive2://localhost:10000
    Connected to: Apache Hive (version 0.13.0.2.1.1.0-385)
    Driver: Hive JDBC (version 0.13.0.2.1.1.0-385)
    Transaction isolation: TRANSACTION_REPEATABLE_READ
    0: jdbc:hive2://localhost:10000> select count(*) from sample_08;
    Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied. Principal [name=hue, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.sample_08] : [SELECT] (state=42000,code=40000)

    Anything else I can try?
    Thanks,
    Alex

    Collapse
    #54382

    iandr413
    Moderator

    Hi Alex,
    If you are not concerned about security and are just testing, you can disable this under hive by setting hive.security.authorization.enabled = false

    If you want to use security, try using org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider for the hive.security.authorization.manager and hive.security.metastore.authorization.manager settings. I just tested and that works. The default setting of org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider tries to look at the hdfs storage permissions rather than the hive grant authorization.

    I hope this helps

    Ian

    Collapse
    #54377

    Alex K
    Participant

    Hi,

    Thanks for the quick reply!

    The hive client has full permissions when I use it as OS user root, but I’m using JDBC. I can replicate the JDBC behavior in beeline:

    [root@sandbox ~]# beeline
    Beeline version 0.13.0.2.1.1.0-385 by Apache Hive
    beeline> !connect jdbc:hive2://localhost:10000 hive xxx org.apache.hive.jdbc.HiveDriver
    Connecting to jdbc:hive2://localhost:10000
    Connected to: Apache Hive (version 0.13.0.2.1.1.0-385)
    Driver: Hive JDBC (version 0.13.0.2.1.1.0-385)
    Transaction isolation: TRANSACTION_REPEATABLE_READ
    0: jdbc:hive2://localhost:10000> select * from default.sample_08;
    Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied. Principal [name=hive, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.sample_08] : [SELECT] (state=42000,code=40000)
    0: jdbc:hive2://localhost:10000>

    The same happens for users hue, hive, superuser, admin, sample, and root. I get a little further when I do the grant select on table… statements for a given user in the hive client, but I just like to set admin rights on a user I can use with JDBC.

    Regards,
    Alex

    Collapse
    #54375

    iandr413
    Moderator

    Hi Alex,
    What is returned when you try to run a select on say sample_08? Hive user and root user should be able to execute statements in hive client.

    Ian

    Collapse
Viewing 7 replies - 1 through 7 (of 7 total)