Hi all,
I met a problem with Hive Default Authorization - Legacy
Mode<https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode>,
I tried to enable the authorization on hiveserver2, and this is my
hive-site.xml in hiveserver2 conf:
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
<value>ALL</value>
</property>
<property>
<name>hive.semantic.analyzer.hook</name>
<value>com.hive.auth.AuthHook</value>
<description>just for super administrator</description>
</property>
<property>
<name>hive.security.authorization.task.factory</name>
<value>org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl</value>
</property>
The problem I met is that when I create a view of a table,and grant the select
privilege of the view to somebody,
then hive will check the view privilege first,and after that,hive check the
table privilege again.Like this:
create view v_dual as select * from dual;
grant select on v_dual to user test;
And when user test tried to execute this sql : select * from v_dual, hive
throws an Error: "Error: Error while compiling statement: No privilege 'Select'
found for inputs { database:default, table:dual, columnName:foo}
(state=42000,code=403)"
But the hive wiki says that The default authorization model in Hive can be used
to provide fine grained access control by creating views and granting access to
views instead of the underlying tables.
So I'm confused that why I am not performing this well as the wiki described.
