Required Permissions
Before developing an application based on this guide, ensure that the basic permissions of the users belong to a Hive group and obtain additional operation permissions from the system administrator. Table 1 describes the permission required for each operation. To run example programs, you must have the create permission for the default database.
|
Operation Type/Functional Object |
Operation |
Required Permission |
|---|---|---|
|
DATABASE |
CREATE DATABASE dbname [LOCATION "hdfs_path"] |
If the HDFS path hdfs_path is specified, the ownership and RWX permission of hdfs_path are required. |
|
DROP DATABASE dbname |
The database dbname ownership is required. |
|
|
ALTER DATABASE dbname SET OWNER user_or_role |
The admin permission is required. |
|
|
TABLE |
CREATE TABLE table_a |
The create permission for the database is required. |
|
CREATE TABLE table_a AS SELECT table_b |
The create permission for the database and the select permission for table_b are required. |
|
|
CREATE TABLE table_a LIKE table_b |
The create permission for the database is required. |
|
|
CREATE [EXTERNAL] TABLE table_a LOCATION "hdfs_path" |
The create permission for the database, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
|
DROP TABLE table_a |
The ownership of table_a is required. |
|
|
ALTER TABLE table_a SET LOCATION "hdfs_path" |
The ownership of table_a, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
|
ALTER TABLE table_a SET FILEFORMAT |
The ownership of table_a is required. |
|
|
TRUNCATE TABLE table_a |
The ownership of table_a is required. |
|
|
ANALYZE TABLE table_a COMPUTE STATISTICS |
The select and insert permission for table_a is required. |
|
|
SHOW TBLPROPERTIES table_a |
The select permission for table_a is required. |
|
|
SHOW CREATE TABLE table_a |
The select permission with grant option for table_a is required. |
|
|
Alter |
ALTER TABLE table_a ADD COLUMN |
The ownership of table_a is required. |
|
ALTER TABLE table_a REPLACE COLUMN |
The ownership of table_a is required. |
|
|
ALTER TABLE table_a RENAME |
The ownership of table_a is required. |
|
|
ALTER TABLE table_a SET SERDE |
The ownership of table_a is required. |
|
|
ALTER TABLE table_a CLUSTER BY |
The ownership of table_a is required. |
|
|
PARTITION |
ALTER TABLE table_a ADD PARTITION partition_spec LOCATION "hdfs_path" |
The insert permission for table_a, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
ALTER TABLE table_a DROP PARTITION partition_spec |
The delete permission for table_a is required. |
|
|
ALTER TABLE table_a PARTITION partition_spec SET LOCATION "hdfs_path" |
The ownership of table_a, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
|
ALTER TABLE table_a PARTITION partition_spec SET FILEFORMAT |
The ownership of table_a is required. |
|
|
LOAD |
LOAD INPATH 'hdfs_path' INTO TABLE table_a |
The insert permission for table_a, and the ownership and RWX permission of hdfs_path on HDFS are required. |
|
INSERT |
INSERT TABLE table_a SELECT FROM table_b |
The update permission for table_a and select permission for table_b are required. |
|
SELECT |
SELECT * FROM table_a |
The select permission for table_a is required. |
|
SELECT FROM table_a JOIN table_b |
The select permission for table_a and table_b, the Submit permission of the default Yarn queue is required. |
|
|
SELECT FROM (SELECT FROM table_a UNION ALL SELECT FROM table_b) |
The select permission for table_a and table_b, the Submit permission of the default Yarn queue is required. |
|
|
EXPLAIN |
EXPLAIN [EXTENDED|DEPENDENCY] query |
The RX permissions for related table directory is required. |
|
VIEW |
CREATE VIEW view_name AS SELECT ... |
The select permission with grant option for related tables is required. |
|
ALTER VIEW view_name RENAME TO new_view_name |
The ownership of view_name is required. |
|
|
DROP VIEW view_name |
The ownership of view_name is required. |
|
|
INDEX |
CREATE INDEX index_name ON TABLE base_table_name (col_name, ...) AS index_type |
The ownership of table_a is required. |
|
DROP INDEX index_name ON table_name |
The ownership of index_name is required. |
|
|
ALTER INDEX index_name ON table_name REBUILD |
The ownership of index_name is required. |
|
|
FUNCTION |
CREATE [TEMPORARY] FUNCTION function_name AS 'class_name' |
The admin permission is required. |
|
DROP [TEMPORARY] function_name |
The admin permission is required. |
|
|
MACRO |
CREATE TEMPORARY MACRO macro_name ... |
The admin permission is required. |
|
DROP TEMPORARY MACRO macro_name |
The admin permission is required. |
- You can perform all the previous operations when owning the admin permission of Hive and the corresponding directory permission of HDFS.
- If the current component uses Ranger for permission control, you need to configure permission management policies based on Ranger. For details, see Adding a Ranger Access Permission Policy for Hive.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
