Thanks KS and others for thoughts and ideas. I found an ok alternative may benefit others in the same situation. The reason for users account is mainly for business users. HUE is the GUI interface we deployed for non-technical users. User need account to access HUE which is the gateway for HIVE. It's not a perfect solution because user still can drop any table. Maybe can tighten the hdfs file permission with read-only. Need to test on that.
-Patrick From: Bejoy KS <bejoy...@yahoo.com<mailto:bejoy...@yahoo.com>> Reply-To: "user@hive.apache.org<mailto:user@hive.apache.org>" <user@hive.apache.org<mailto:user@hive.apache.org>>, "bejoy...@yahoo.com<mailto:bejoy...@yahoo.com>" <bejoy...@yahoo.com<mailto:bejoy...@yahoo.com>> Date: Friday, May 18, 2012 9:08 PM To: "user@hive.apache.org<mailto:user@hive.apache.org>" <user@hive.apache.org<mailto:user@hive.apache.org>> Subject: Re: Is there a way to create user account and grant read only permissions? Hi patrick The Authorization mechanisms in hive are not as solid as other RDBMS. A user can grant himself rights and can then drop a table or do whatever operations he likes to do. There is no super user(admin) and sub user concept in hive yet, but the community is having plans to implement that in future with strong Authorization mechanisms. Saying this if the business users are guaranteed not to play with GRANT statements or rather not change permissions themselves, (But it is hard to guarantee this when the no of users are large :) ) hive can satisfy your requirement. Regards Bejoy KS Sent from handheld, please excuse typos. ________________________________ From: "Raghunath, Ranjith" <ranjith.raghuna...@usaa.com<mailto:ranjith.raghuna...@usaa.com>> Date: Sat, 19 May 2012 00:54:36 +0000 To: user@hive.apache.org<mailto:user@hive.apache.org><user@hive.apache.org<mailto:user@hive.apache.org>> ReplyTo: user@hive.apache.org<mailto:user@hive.apache.org> Subject: RE: Is there a way to create user account and grant read only permissions? Take a look at this, https://cwiki.apache.org/Hive/languagemanual-auth.html. This may be what you are looking for . From: shashwat shriparv [mailto:dwivedishash...@gmail.com] Sent: Friday, May 18, 2012 3:08 PM To: user@hive.apache.org<mailto:user@hive.apache.org> Subject: Re: Is there a way to create user account and grant read only permissions? Check out this https://ccp.cloudera.com/display/CDHDOC/Hive+Security+Configuration On Sat, May 19, 2012 at 12:17 AM, Patrick Luo <l...@trulia.com<mailto:l...@trulia.com>> wrote: My use case requires individual accounts for business users groups. Is there a way to mimic MySQL (or other database) to create users with read-only permissions? This avoid business user accidental table drop. Metastore has table ROLES but don’t see documentation on that. Much appreciated if anyone can point to the documentation or share your thoughts on this? - Patrick -- ∞ Shashwat Shriparv