By default the 'hive' user is treated as a Sentry admin (i.e. can run GRANT/REVOKE), but not a HiveServer2 admin (i.e. cannot run CREATE/etc.). You will need to explicitly self-declare hive user as an admin role on HS2 via the following style of grants, to be able to properly act as admin over a HS2.
CREATE ROLE admin_role; GRANT ALL ON SERVER server1 TO ROLE admin_role; GRANT ROLE admin_role TO GROUP hive; On Thu, May 14, 2015 at 8:55 AM, Liping Zhang <[email protected]> wrote: > Hi Junjie, > > I thought "hive" user should be the "admin_role" of beeline, so there is no > need to grant command for "hive" user, since in my another cluster, "hive" > user has the admin role with all permission in beeline once after I enabled > sentry. > > Please feel free to correct me if I miss something. Thanks! > > On Thu, May 14, 2015 at 9:57 AM, Ma, Junjie <[email protected]> wrote: >> >> Hello Michelle, >> You enable the sentry for hive, do you grant the properly >> permission to user "hive" to show the tables? >> >> Best regards, >> >> Colin Ma(Ma Jun Jie) >> >> >> -----Original Message----- >> From: Liping Zhang [mailto:[email protected]] >> Sent: Thursday, May 14, 2015 8:35 AM >> To: [email protected]; [email protected]; [email protected]; >> [email protected]; [email protected]; >> [email protected] >> Subject: Re: "show databases" doesn't return all databases with >> Kerberos/Sentry enabled >> >> Thanks Szehon, Prasad, and TheJas. I added sentry mailing list. >> >> Dear Sentry, >> >> This is very strange issue. I also tried rolling back the configuration, >> but it still could not return right databases list with "show databases". >> >> Do you have any idea? Thanks very much for your help in advance! >> >> >> >> On Thu, May 14, 2015 at 3:05 AM, Szehon Ho <[email protected]> wrote: >> >> > Hi Liping >> > >> > Do you want to check the Sentry mailing list as well? They might know >> > more about this scenario. >> > >> > Thanks >> > Szehon >> > >> > On Wed, May 13, 2015 at 10:18 AM, Liping Zhang <[email protected]> >> > wrote: >> > >> >> Dear all, >> >> >> >> I installed CDH, kerberos, sentry to enable security for hive >> >> beeline. I did following commands: >> >> >> >> # kinit -k -t hive.keytab hive/ >> >> [email protected] >> >> >> >> # beeline -u >> >> "jdbc:hive2://ip-172-31-9-84.us-west-2.compute.internal:10000/default >> >> ;principal=hive/ [email protected]" >> >> >> >> >> >> and in beeline CLI: >> >> # show databases >> >> # show tables >> >> these 2 "show" commands did work well and return all the databases >> >> and tables we had. >> >> >> >> However, after I changed some configuration and restart hive, and >> >> rerun above commands with "hive" user, it was strange that in >> >> beeline CLI, *"show databases" and "show tables" didn't return all >> >> the databases and tables we had, instead, they only returned one >> >> "default" database, and no tables >> >> returned.* >> >> >> >> >> The configuration change I remembered included: >> >> Adding: >> >> >> >> <property> >> >> <name>hive.server2.authentication</name> >> >> <value>KERBEROS</value> >> >> </property> >> >> To Hive Client Configuration Safety Valve for hive-site.xml (Gateway >> >> service in CM) properly modified the hive-site.xml for Hue Server. >> >> >> >> >> >> The commands in beeline I remembered after restarting hive, and >> >> before running "show databases" and "show tables" was: >> >> # create role role1; >> >> # show roles; >> >> # show current roles; >> >> >> >> after that, the "hive" user in beeline could only return "default" >> >> database with no tables for "show databases" and "show tables" command. >> >> >> >> >> >> And I checked /user/hive/warehouse dir, all the databases and tables >> >> files did existed. >> >> >> >> >> >> Did anyone met this kind of issue before? Any comments and discussion >> >> are highly appreciated! >> >> >> >> >> >> -- >> >> Cheers, >> >> ----- >> >> Big Data - Big Wisdom - Big Value >> >> -------------- >> >> Michelle Zhang (Liping Zhang) >> >> >> > >> > >> >> >> -- >> Cheers, >> ----- >> Big Data - Big Wisdom - Big Value >> -------------- >> Michelle Zhang (Liping Zhang) > > > > > -- > Cheers, > ----- > Big Data - Big Wisdom - Big Value > -------------- > Michelle Zhang (Liping Zhang) -- Harsh J
