Re: SQL Standard Based Hive Authorization with CDH 5.X

[Thejas Nair]

You can also set them via hiveserver2-site.xml instead of passing them as
commandline params.
Let me make that more clear in the doc.

On Thu, May 11, 2017 at 9:36 AM, Rob Anderson 
wrote:

> You add the options to HiveServer2 Environment Advanced Configuration
> Snippet (Safety Valve) via:
>
> HIVE_OPTS=--hiveconf hive.security.authorization.
> manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
> --hiveconf hive.security.authorization.enabled=true --hiveconf
> hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
> --hiveconf hive.metastore.uris='thrift://XX:9083'
>
> Works fine.
>
> Rob
>
> On Tue, May 9, 2017 at 3:59 PM, Rob Anderson 
> wrote:
>
>> Has anyone implemented SQL Standard Based Hive Authorization with CDH
>> 5.5.2 (hive1.1.0)?
>>
>> Cloudera has confirmed that it's not supported, but I have a need that
>> requires the implementation.
>>
>> I've followed: https://cwiki.apache.org/confl
>> uence/display/Hive/SQL+Standard+Based+Hive+Authorization
>>
>> I've added the following to "HiveServer2 Advanced Configuration Snippet
>> (Safety Valve) for hive-site.xml" via Cloudera Manager.
>>
>> 
>>
>> hive.server2.enable.doAs
>>
>> false
>>
>> 
>>
>> 
>>
>> hive.users.in.admin.role
>>
>> oozie_runtime,hive,randerson
>>
>> 
>>
>> 
>>
>> hive.security.metastore.authorization.manager
>>
>> org.apache.hadoop.hive.ql.security.authorization.Meta
>> StoreAuthzAPIAuthorizerEmbedOnly
>>
>> 
>>
>> 
>>
>> hive.security.authorization.manager
>>
>> org.apache.hadoop.hive.ql.security.authorization.plug
>> in.sqlstd.SQLStdConfOnlyAuthorizerFactory
>>
>> 
>>
>> 
>>
>> hive.security.authorization.task.factory
>>
>> org.apache.hadoop.hive.ql.parse.authorization.HiveAut
>> horizationTaskFactoryImpl
>>
>> 
>>
>>
>> I've tried adding the following start up options to "HiveServer2
>> Environment Advanced Configuration Snippet (Safety Valve)" via Cloudera
>> Manager.
>>
>>- -hiveconf hive.security.authorization.ma
>>nager=org.apache.hadoop.hive.ql.security.authorization.plugi
>>n.sqlstd.SQLStdHiveAuthorizerFactory
>>
>>
>>- -hiveconf hive.security.authorization.enabled=true
>>- -hiveconf hive.security.authenticator.ma
>>nager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
>>- -hiveconf hive.metastore.uris=' '
>>
>>
>> I get the following error:
>>
>> Could not parse: HiveServer2 Environment Advanced Configuration Snippet
>> (Safety Valve) : Could not parse parameter 'hive_hs2_env_safety_valve'.
>> Was expecting: valid variable name. Input: -hiveconf hive.
>> security.authorization.manager=org.apache.hadoop.hive.q
>> l.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory -hiveconf
>> hive.security.authorization.enabled=true -hiveconf hive.
>> security.authenticator.manager=org.apache.hadoop.hive.q
>> l.security.SessionStateUserAuthenticator -hiveconf hive.metastore.uris='
>> '
>>
>> So, in short - I'm not sure how to start hiveserver2 with those options.
>> Any help you can offer is appreciated.
>>
>> Thanks,
>>
>> Rob
>>
>>
>>
>>
>>
>>
>>
>>
>>
>

Re: SQL Standard Based Hive Authorization with CDH 5.X

[Rob Anderson]

You add the options to HiveServer2 Environment Advanced Configuration
Snippet (Safety Valve) via:

HIVE_OPTS=--hiveconf
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
--hiveconf hive.security.authorization.enabled=true --hiveconf
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
--hiveconf hive.metastore.uris='thrift://XX:9083'

Works fine.

Rob

On Tue, May 9, 2017 at 3:59 PM, Rob Anderson 
wrote:

> Has anyone implemented SQL Standard Based Hive Authorization with CDH
> 5.5.2 (hive1.1.0)?
>
> Cloudera has confirmed that it's not supported, but I have a need that
> requires the implementation.
>
> I've followed: https://cwiki.apache.org/confl
> uence/display/Hive/SQL+Standard+Based+Hive+Authorization
>
> I've added the following to "HiveServer2 Advanced Configuration Snippet
> (Safety Valve) for hive-site.xml" via Cloudera Manager.
>
> 
>
> hive.server2.enable.doAs
>
> false
>
> 
>
> 
>
> hive.users.in.admin.role
>
> oozie_runtime,hive,randerson
>
> 
>
> 
>
> hive.security.metastore.authorization.manager
>
> org.apache.hadoop.hive.ql.security.authorization.
> MetaStoreAuthzAPIAuthorizerEmbedOnly
>
> 
>
> 
>
> hive.security.authorization.manager
>
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.
> SQLStdConfOnlyAuthorizerFactory
>
> 
>
> 
>
> hive.security.authorization.task.factory
>
> org.apache.hadoop.hive.ql.parse.authorization.
> HiveAuthorizationTaskFactoryImpl
>
> 
>
>
> I've tried adding the following start up options to "HiveServer2
> Environment Advanced Configuration Snippet (Safety Valve)" via Cloudera
> Manager.
>
>- -hiveconf hive.security.authorization.manager=org.apache.hadoop.hive.
>ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
>
>
>- -hiveconf hive.security.authorization.enabled=true
>- -hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive.
>ql.security.SessionStateUserAuthenticator
>- -hiveconf hive.metastore.uris=' '
>
>
> I get the following error:
>
> Could not parse: HiveServer2 Environment Advanced Configuration Snippet
> (Safety Valve) : Could not parse parameter 'hive_hs2_env_safety_valve'.
> Was expecting: valid variable name. Input: -hiveconf hive.
> security.authorization.manager=org.apache.hadoop.hive.
> ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory -hiveconf
> hive.security.authorization.enabled=true -hiveconf hive.
> security.authenticator.manager=org.apache.hadoop.hive.
> ql.security.SessionStateUserAuthenticator -hiveconf hive.metastore.uris='
> '
>
> So, in short - I'm not sure how to start hiveserver2 with those options.
> Any help you can offer is appreciated.
>
> Thanks,
>
> Rob
>
>
>
>
>
>
>
>
>