Hi all, I met a problem with Hive Default Authorization - Legacy Mode<https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode>, I tried to enable the authorization on hiveserver2, and this is my hive-site.xml in hiveserver2 conf: <property> <name>hive.security.authorization.enabled</name> <value>true</value> </property> <property> <name>hive.security.authorization.createtable.owner.grants</name> <value>ALL</value> </property> <property> <name>hive.semantic.analyzer.hook</name> <value>com.hive.auth.AuthHook</value> <description>just for super administrator</description> </property> <property> <name>hive.security.authorization.task.factory</name> <value>org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl</value> </property>
The problem I met is that when I create a view of a table,and grant the select privilege of the view to somebody, then hive will check the view privilege first,and after that,hive check the table privilege again.Like this: create view v_dual as select * from dual; grant select on v_dual to user test; And when user test tried to execute this sql : select * from v_dual, hive throws an Error: "Error: Error while compiling statement: No privilege 'Select' found for inputs { database:default, table:dual, columnName:foo} (state=42000,code=403)" But the hive wiki says that The default authorization model in Hive can be used to provide fine grained access control by creating views and granting access to views instead of the underlying tables. So I'm confused that why I am not performing this well as the wiki described.