Re: SQL Standard Based Hive Authorization with CDH 5.X
You can also set them via hiveserver2-site.xml instead of passing them as commandline params. Let me make that more clear in the doc. On Thu, May 11, 2017 at 9:36 AM, Rob Andersonwrote: > You add the options to HiveServer2 Environment Advanced Configuration > Snippet (Safety Valve) via: > > HIVE_OPTS=--hiveconf hive.security.authorization. > manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory > --hiveconf hive.security.authorization.enabled=true --hiveconf > hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator > --hiveconf hive.metastore.uris='thrift://XX:9083' > > Works fine. > > Rob > > On Tue, May 9, 2017 at 3:59 PM, Rob Anderson > wrote: > >> Has anyone implemented SQL Standard Based Hive Authorization with CDH >> 5.5.2 (hive1.1.0)? >> >> Cloudera has confirmed that it's not supported, but I have a need that >> requires the implementation. >> >> I've followed: https://cwiki.apache.org/confl >> uence/display/Hive/SQL+Standard+Based+Hive+Authorization >> >> I've added the following to "HiveServer2 Advanced Configuration Snippet >> (Safety Valve) for hive-site.xml" via Cloudera Manager. >> >> >> >> hive.server2.enable.doAs >> >> false >> >> >> >> >> >> hive.users.in.admin.role >> >> oozie_runtime,hive,randerson >> >> >> >> >> >> hive.security.metastore.authorization.manager >> >> org.apache.hadoop.hive.ql.security.authorization.Meta >> StoreAuthzAPIAuthorizerEmbedOnly >> >> >> >> >> >> hive.security.authorization.manager >> >> org.apache.hadoop.hive.ql.security.authorization.plug >> in.sqlstd.SQLStdConfOnlyAuthorizerFactory >> >> >> >> >> >> hive.security.authorization.task.factory >> >> org.apache.hadoop.hive.ql.parse.authorization.HiveAut >> horizationTaskFactoryImpl >> >> >> >> >> I've tried adding the following start up options to "HiveServer2 >> Environment Advanced Configuration Snippet (Safety Valve)" via Cloudera >> Manager. >> >>- -hiveconf hive.security.authorization.ma >>nager=org.apache.hadoop.hive.ql.security.authorization.plugi >>n.sqlstd.SQLStdHiveAuthorizerFactory >> >> >>- -hiveconf hive.security.authorization.enabled=true >>- -hiveconf hive.security.authenticator.ma >>nager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator >>- -hiveconf hive.metastore.uris=' ' >> >> >> I get the following error: >> >> Could not parse: HiveServer2 Environment Advanced Configuration Snippet >> (Safety Valve) : Could not parse parameter 'hive_hs2_env_safety_valve'. >> Was expecting: valid variable name. Input: -hiveconf hive. >> security.authorization.manager=org.apache.hadoop.hive.q >> l.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory -hiveconf >> hive.security.authorization.enabled=true -hiveconf hive. >> security.authenticator.manager=org.apache.hadoop.hive.q >> l.security.SessionStateUserAuthenticator -hiveconf hive.metastore.uris=' >> ' >> >> So, in short - I'm not sure how to start hiveserver2 with those options. >> Any help you can offer is appreciated. >> >> Thanks, >> >> Rob >> >> >> >> >> >> >> >> >> >
Re: SQL Standard Based Hive Authorization with CDH 5.X
You add the options to HiveServer2 Environment Advanced Configuration Snippet (Safety Valve) via: HIVE_OPTS=--hiveconf hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory --hiveconf hive.security.authorization.enabled=true --hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator --hiveconf hive.metastore.uris='thrift://XX:9083' Works fine. Rob On Tue, May 9, 2017 at 3:59 PM, Rob Andersonwrote: > Has anyone implemented SQL Standard Based Hive Authorization with CDH > 5.5.2 (hive1.1.0)? > > Cloudera has confirmed that it's not supported, but I have a need that > requires the implementation. > > I've followed: https://cwiki.apache.org/confl > uence/display/Hive/SQL+Standard+Based+Hive+Authorization > > I've added the following to "HiveServer2 Advanced Configuration Snippet > (Safety Valve) for hive-site.xml" via Cloudera Manager. > > > > hive.server2.enable.doAs > > false > > > > > > hive.users.in.admin.role > > oozie_runtime,hive,randerson > > > > > > hive.security.metastore.authorization.manager > > org.apache.hadoop.hive.ql.security.authorization. > MetaStoreAuthzAPIAuthorizerEmbedOnly > > > > > > hive.security.authorization.manager > > org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd. > SQLStdConfOnlyAuthorizerFactory > > > > > > hive.security.authorization.task.factory > > org.apache.hadoop.hive.ql.parse.authorization. > HiveAuthorizationTaskFactoryImpl > > > > > I've tried adding the following start up options to "HiveServer2 > Environment Advanced Configuration Snippet (Safety Valve)" via Cloudera > Manager. > >- -hiveconf hive.security.authorization.manager=org.apache.hadoop.hive. >ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory > > >- -hiveconf hive.security.authorization.enabled=true >- -hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive. >ql.security.SessionStateUserAuthenticator >- -hiveconf hive.metastore.uris=' ' > > > I get the following error: > > Could not parse: HiveServer2 Environment Advanced Configuration Snippet > (Safety Valve) : Could not parse parameter 'hive_hs2_env_safety_valve'. > Was expecting: valid variable name. Input: -hiveconf hive. > security.authorization.manager=org.apache.hadoop.hive. > ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory -hiveconf > hive.security.authorization.enabled=true -hiveconf hive. > security.authenticator.manager=org.apache.hadoop.hive. > ql.security.SessionStateUserAuthenticator -hiveconf hive.metastore.uris=' > ' > > So, in short - I'm not sure how to start hiveserver2 with those options. > Any help you can offer is appreciated. > > Thanks, > > Rob > > > > > > > > >
SQL Standard Based Hive Authorization with CDH 5.X
Has anyone implemented SQL Standard Based Hive Authorization with CDH 5.5.2 (hive1.1.0)? Cloudera has confirmed that it's not supported, but I have a need that requires the implementation. I've followed: https://cwiki.apache.org/confluence/display/Hive/SQL+ Standard+Based+Hive+Authorization I've added the following to "HiveServer2 Advanced Configuration Snippet (Safety Valve) for hive-site.xml" via Cloudera Manager. hive.server2.enable.doAs false hive.users.in.admin.role oozie_runtime,hive,randerson hive.security.metastore.authorization.manager org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly hive.security.authorization.manager org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory hive.security.authorization.task.factory org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl I've tried adding the following start up options to "HiveServer2 Environment Advanced Configuration Snippet (Safety Valve)" via Cloudera Manager. - -hiveconf hive.security.authorization.manager=org.apache.hadoop. hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory - -hiveconf hive.security.authorization.enabled=true - -hiveconf hive.security.authenticator.manager=org.apache.hadoop. hive.ql.security.SessionStateUserAuthenticator - -hiveconf hive.metastore.uris=' ' I get the following error: Could not parse: HiveServer2 Environment Advanced Configuration Snippet (Safety Valve) : Could not parse parameter 'hive_hs2_env_safety_valve'. Was expecting: valid variable name. Input: -hiveconf hive .security.authorization.manager=org.apache.hadoop.hive .ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory -hiveconf hive.security.authorization.enabled=true -hiveconf hive .security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator -hiveconf hive.metastore.uris=' ' So, in short - I'm not sure how to start hiveserver2 with those options. Any help you can offer is appreciated. Thanks, Rob