Help Center > > User Guide> MRS Cluster Component Operation Guide> Using Hive> Configuring Hive Permissions

Configuring Hive Permissions

Updated at: Apr 28, 2020 GMT+08:00

To use the Hive component in a security cluster with Kerberos authentication enabled, you need to configure permissions for Hive first.

Hive Permission Configuration

  1. Log in to MRS Manager and choose System > Manage Role > Create Role.
  2. Enter a role name, for example, hiverole.
  3. Edit permissions.

    • Choose Hive > Hive Admin Privilege. If you want to use this permission, run the set role admin command to set the permission before running SQL statements.
    • Choose Hive > Hive Read Write Privileges to set permissions to manage data of created tables.

      Select the permissions of a database as required. To specify permissions on tables, click the database name and select the permissions of the tables.

      Figure 1 Creating a role

  4. Click OK to save the role.
  5. Choose System > Manage User > Create User.
  6. Create a user that contains the hive group and is bound to hiverole.

    Figure 2 Creating a user

  7. After the user is created, you can run the SQL statement using the user.

Reference

  • If the SQL statement involves operations on an HDFS file, the user must have the owner permission on the HDFS path. If the path does not exist, the user must have the read and write permissions of the parent directory. Add permissions on HDFS to the role by referring to Hive Permission Configuration.
  • This file must be on the HiveServer node when the load data local inpath command is executed. User omm has the read permission on the file and the read and execution permissions on the directory of the file. The user who runs the command must have the read and write permissions on the file. The file name cannot start with an underscore (_) or period (.). A file whose name starts with an underscore (_) or period (.) will be ignored.
  • The user who runs the load data inpath command must have the read and write permissions on the file and the execution permission on the directory of the file. The current user must have the write permission on the directory corresponding to the table, because the load operation moves the file to the directory. The file name cannot start with an underscore (_) or period (.). A file whose name starts with an underscore (_) or period (.) will be ignored.
  • When using SQL statements to submit a task to a specified queue, you must have permission to submit the task to a Yarn queue. (On MRS Manager, choose System > Manage Role > Create Role > Permission, and select Yarn > Scheduler Queue. Select the specified queue, and select Submit and Admin.) Click OK to save the settings.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel