Required Permissions
Before developing an application based on this guide, ensure that the basic permissions of the users belong to a Hive group and obtain additional operation permissions from the system administrator. Table 1 describes the permission required for each operation. To run example programs, you must have the create permission for the default database.
|
Operation Type/Functional Object |
Operation |
Required Permission |
|---|---|---|
|
DATABASE |
CREATE DATABASE dbname [LOCATION "hdfs_path"] |
If the HDFS path hdfs_path is specified, the ownership and RWX permission of hdfs_path are required. |
|
DROP DATABASE dbname |
The database dbname ownership is required. |
|
|
ALTER DATABASE dbname SET OWNER user_or_role |
The admin permission is required. |
|
|
TABLE |
CREATE TABLE table_a |
The create permission for the database is required. |
|
CREATE TABLE table_a AS SELECT table_b |
The create permission for the database and the select permission for table_b are required. |
|
|
CREATE TABLE table_a LIKE table_b |
The create permission for the database is required. |
|
|
CREATE [EXTERNAL] TABLE table_a LOCATION "hdfs_path" |
The create permission for the database, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
|
DROP TABLE table_a |
The ownership of table_a is required. |
|
|
ALTER TABLE table_a SET LOCATION "hdfs_path" |
The ownership of table_a, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
|
ALTER TABLE table_a SET FILEFORMAT |
The ownership of table_a is required. |
|
|
TRUNCATE TABLE table_a |
The ownership of table_a is required. |
|
|
ANALYZE TABLE table_a COMPUTE STATISTICS |
The select and insert permission for table_a is required. |
|
|
SHOW TBLPROPERTIES table_a |
The select permission for table_a is required. |
|
|
SHOW CREATE TABLE table_a |
The select permission with grant option for table_a is required. |
|
|
Alter |
ALTER TABLE table_a ADD COLUMN |
The ownership of table_a is required. |
|
ALTER TABLE table_a REPLACE COLUMN |
The ownership of table_a is required. |
|
|
ALTER TABLE table_a RENAME |
The ownership of table_a is required. |
|
|
ALTER TABLE table_a SET SERDE |
The ownership of table_a is required. |
|
|
ALTER TABLE table_a CLUSTER BY |
The ownership of table_a is required. |
|
|
PARTITION |
ALTER TABLE table_a ADD PARTITION partition_spec LOCATION "hdfs_path" |
The insert permission for table_a, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
ALTER TABLE table_a DROP PARTITION partition_spec |
The delete permission for table_a is required. |
|
|
ALTER TABLE table_a PARTITION partition_spec SET LOCATION "hdfs_path" |
The ownership of table_a, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
|
ALTER TABLE table_a PARTITION partition_spec SET FILEFORMAT |
The ownership of table_a is required. |
|
|
LOAD |
LOAD INPATH 'hdfs_path' INTO TABLE table_a |
The insert permission for table_a, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
INSERT |
INSERT TABLE table_a SELECT FROM table_b |
The update permission for table_a and select permission for table_b are required. |
|
SELECT |
SELECT * FROM table_a |
The select permission for table_a is required. |
|
SELECT FROM table_a JOIN table_b |
The select permission for table_a and table_b, the Submit permission of the default Yarn queue is required. |
|
|
SELECT FROM (SELECT FROM table_a UNION ALL SELECT FROM table_b) |
The select permission for table_a and table_b, the Submit permission of the default Yarn queue is required. |
|
|
EXPLAIN |
EXPLAIN [EXTENDED|DEPENDENCY] query |
The RX permissions for related table directory is required. |
|
VIEW |
CREATE VIEW view_name AS SELECT ... |
The select permission with grant option for related tables is required. |
|
ALTER VIEW view_name RENAME TO new_view_name |
The ownership of view_name is required. |
|
|
DROP VIEW view_name |
The ownership of view_name is required. |
|
|
INDEX |
CREATE INDEX index_name ON TABLE base_table_name (col_name, ...) AS index_type |
The ownership of table_a is required. |
|
DROP INDEX index_name ON table_name |
The ownership of index_name is required. |
|
|
ALTER INDEX index_name ON table_name REBUILD |
The ownership of index_name is required. |
|
|
FUNCTION |
CREATE [TEMPORARY] FUNCTION function_name AS 'class_name' |
The admin permission is required. |
|
DROP [TEMPORARY] function_name |
The admin permission is required. |
|
|
MACRO |
CREATE TEMPORARY MACRO macro_name ... |
The admin permission is required. |
|
DROP TEMPORARY MACRO macro_name |
The admin permission is required. |
- You can perform all the previous operations when owning the admin permission of Hive and the corresponding directory permission of HDFS.
- If the current component uses Ranger for permission control, you need to configure permission management policies based on Ranger. For details, see Adding a Ranger Access Permission Policy for Hive.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
