Updated on 2022-11-18 GMT+08:00

Required Permissions

Before developing an application based on this guide, ensure that the basic permissions of the users belong to a Hive group and obtain additional operation permissions from the system administrator. Table 1 describes the permission required for each operation. To run example programs, you must have the create permission for the default database.

Table 1 Required permissions

Operation Type/Functional Object

Operation

Required Permission

DATABASE

CREATE DATABASE dbname [LOCATION "hdfs_path"]

If the HDFS path hdfs_path is specified, the ownership and RWX permission of hdfs_path are required.

DROP DATABASE dbname

The database dbname ownership is required.

ALTER DATABASE dbname SET OWNER user_or_role

The admin permission is required.

TABLE

CREATE TABLE table_a

The create permission for the database is required.

CREATE TABLE table_a AS SELECT table_b

The create permission for the database and the select permission for table_b are required.

CREATE TABLE table_a LIKE table_b

The create permission for the database is required.

CREATE [EXTERNAL] TABLE table_a LOCATION "hdfs_path"

The create permission for the database, and the ownership and RWX permission of hdfs_path on HDFS are required.

DROP TABLE table_a

The ownership of table_a is required.

ALTER TABLE table_a SET LOCATION "hdfs_path"

The ownership of table_a, and the ownership and RWX permission of hdfs_path on HDFS are required.

ALTER TABLE table_a SET FILEFORMAT

The ownership of table_a is required.

TRUNCATE TABLE table_a

The ownership of table_a is required.

ANALYZE TABLE table_a COMPUTE STATISTICS

The select and insert permission for table_a is required.

SHOW TBLPROPERTIES table_a

The select permission for table_a is required.

SHOW CREATE TABLE table_a

The select permission with grant option for table_a is required.

Alter

ALTER TABLE table_a ADD COLUMN

The ownership of table_a is required.

ALTER TABLE table_a REPLACE COLUMN

The ownership of table_a is required.

ALTER TABLE table_a RENAME

The ownership of table_a is required.

ALTER TABLE table_a SET SERDE

The ownership of table_a is required.

ALTER TABLE table_a CLUSTER BY

The ownership of table_a is required.

PARTITION

ALTER TABLE table_a ADD PARTITION partition_spec LOCATION "hdfs_path"

The insert permission for table_a, and the ownership and RWX permission of hdfs_path on HDFS are required.

ALTER TABLE table_a DROP PARTITION partition_spec

The delete permission for table_a is required.

ALTER TABLE table_a PARTITION partition_spec SET LOCATION "hdfs_path"

The ownership of table_a, and the ownership and RWX permission of hdfs_path on HDFS are required.

ALTER TABLE table_a PARTITION partition_spec SET FILEFORMAT

The ownership of table_a is required.

LOAD

LOAD INPATH 'hdfs_path' INTO TABLE table_a

The insert permission for table_a, and the ownership and RWX permission of hdfs_path on HDFS are required.

INSERT

INSERT TABLE table_a SELECT FROM table_b

The update permission for table_a and select permission for table_b are required.

SELECT

SELECT * FROM table_a

The select permission for table_a is required.

SELECT FROM table_a JOIN table_b

The select permission for table_a and table_b, the Submit permission of the default Yarn queue is required.

SELECT FROM (SELECT FROM table_a UNION ALL SELECT FROM table_b)

The select permission for table_a and table_b, the Submit permission of the default Yarn queue is required.

EXPLAIN

EXPLAIN [EXTENDED|DEPENDENCY] query

The RX permissions for related table directory is required.

VIEW

CREATE VIEW view_name AS SELECT ...

The select permission with grant option for related tables is required.

ALTER VIEW view_name RENAME TO new_view_name

The ownership of view_name is required.

DROP VIEW view_name

The ownership of view_name is required.

INDEX

CREATE INDEX index_name ON TABLE base_table_name (col_name, ...) AS index_type

The ownership of table_a is required.

DROP INDEX index_name ON table_name

The ownership of index_name is required.

ALTER INDEX index_name ON table_name REBUILD

The ownership of index_name is required.

FUNCTION

CREATE [TEMPORARY] FUNCTION function_name AS 'class_name'

The admin permission is required.

DROP [TEMPORARY] function_name

The admin permission is required.

MACRO

CREATE TEMPORARY MACRO macro_name ...

The admin permission is required.

DROP TEMPORARY MACRO macro_name

The admin permission is required.

  • You can perform all the previous operations when owning the admin permission of Hive and the corresponding directory permission of HDFS.
  • If the current component uses Ranger for permission control, you need to configure permission management policies based on Ranger. For details, see Adding a Ranger Access Permission Policy for Hive.