Help Center/ MapReduce Service/ Component Operation Guide (LTS)/ Using Hive/ Enterprise-Class Enhancements of Hive/ Allowing Users with Select Permission to View the Table Structure
Updated on 2025-08-22 GMT+08:00
View PDF
Share

Allowing Users with Select Permission to View the Table Structure

Scenario

In the default Hive permission control logic, users who have only the SELECT permission on a table can query table data but cannot obtain table structure information (such as table definition, storage format, and partition information). This may bring inconvenience to data development, analysis, and debugging. For example, if a data analyst needs to compile query statements based on the table structure design, the data analyst needs to apply for higher permissions.

This section describes how to add custom parameters to allow users to view the table structure by running the show create table command after being granted the select permission.

Notes and Constraints

  • This section applies only to clusters with Kerberos authentication enabled.
  • This section applies only to the scenario where Ranger authentication is not enabled for Hive and HDFS.

Procedure

  1. Log in to the node where the client is installed as the client installation user.

    For details about how to download and install the cluster client, see Installing an MRS Cluster Client.

  2. Go to the client installation directory, configure environment variables, and authenticate the user.

    1. Go to the client installation directory. 
      cd /opt/hadoopclient
    2. Configure environment variables. 
      source bigdata_env
    3. Authenticate the user. The user must have the permission to create Hive tables. Skip this step for clusters with Kerberos authentication disabled. 
      kinit Component service user

      Example:

      kinit test

  3. Log in to the Hive client. 

    beeline

  4. Create a table, for example, test. 

    create table test(name string);

  5. Insert data into the table. 

    insert into table test(name) values("A");

  6. Exit the Hive client. 

    !q

  7. Log in to the Hive client as the other user, for example, test1, by referring to 2 to 3. Run the following command to view the table structure created in 4: 

    show create table test;

    After the command is executed, an error message is displayed, indicating that the user does not have the required permission.

    Figure 1 Insufficient permissions reported

  8. Log in to FusionInsight Manager, choose Cluster > Services > Hive, click Configurations, and click All Configurations.
  9. Choose HiveServer(Role) > Customization, add a custom parameter to the hive-site.xml parameter file, set Name to hive.allow.show.create.table.in.select.nogrant, and set Value to true.
  10. Click Save to save the settings. Click Instances, select all Hive instances, click More then Restart Instance, enter the user password, and click OK to restart all Hive instances.
  11. Determine whether to enable this function on the Spark/Spark2x client.

    • If yes, download and install the Spark/Spark2x client again.
    • If no, no further action is required.

  12. Bind the role that has the select permission on the table to the user who views the table. For details, see Creating a Hive User and Binding the User to a Role.
  13. Run the following command on the Hive client to view the table structure created in 4: 

    show create table test;
    Figure 2 Viewing the table structure