Though that will protect the files, it won't protect the schema (e.g.
the read-only users will still be able to drop the table).
-- amr
On 1/20/2010 9:29 PM, Oscar Gothberg wrote:
Thanks!
I realized this could also be managed, albeit still clumsily, through
user/group read/write permissions for the Hive warehouse directory.
/ Oscar
On Tue, Jan 19, 2010 at 11:40 PM, Amr Awadallah <a...@cloudera.com
<mailto:a...@cloudera.com>> wrote:
HIVE-78 is what we all are waiting for :)
The hack you suggest below should be a valid interim solution,
just make sure the read-only clients have their own hive-site.xml
with the proper user/pass for the read only account, e.g.
<property>
<name>javax.jdo.option.ConnectionUserName</name>
<value>read-only-user</value>
</property>
<property>
<name>javax.jdo.option.ConnectionPassword</name>
<value>xxxxx</value>
</property>
see this for more details:
http://wiki.apache.org/hadoop/Hive/AdminManual/MetastoreAdmin
-- amr
On 1/13/2010 10:49 PM, Oscar Gothberg wrote:
Hi,
is there a way to set up users with read-only users in Hive,
so that I can have one user with write privileges that runs
ETL and updates the warehouse, adds partitions, etc, and one
or more 'read-only' users that would be able to execute
SELECTs, etc, but not DDL type statements?
I'd be interested how others out there solve having separation
between producers that feed and update the data warehouse one
one hand, and the consumers on the other.
From what I understand Hive doesn't have a lot of multiuser
support yet (as described in HIVE-78 etc). Maybe one
possibility could be to have 'read-only' users use a different
account in the mysql metastore without write privileges, and
have any DDL statements from such users fail due to metastore
errors, but hopefully there's a cleaner way?
Thanks,
/ Oscar
