Is your Hadoop cluster kerberized?
> On 9. Nov 2017, at 06:57, Vijay Toshniwal <[email protected]> wrote: > > Hi Team, > > > > I am facing issues while configuring hive storage based authorization. I > followed the steps mentioned in > https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server > however still any user can create database in hive (using beeline and cli) > at will though not able to delete other users databases. My hive directory > permission is set to 770 (hive:hadoop).Below are the parameters that I added > to hive-site.xml: > > > > hive.metastore.pre.event.listeners: > org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener > > hive.security.metastore.authorization.auth.reads: true > > hive.security.metastore.authenticator.manager:org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator > > hive.security.metastore.authorization.manager: > org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider > > hive.metastore.execute.setugi: true > > hive.server2.enable.doAs:true > > > > hive version: 1.2.1 > > Hadoop version: 2.7.3 > > > > My understanding was only those users having write access to > /user/hive/warehouse should be able to create the database. Please suggest. > > > > > I also found one similar question > https://stackoverflow.com/questions/43734947/does-the-storage-based-authorization-or-sql-standards-based-hive-authorization-w?rq=1 > where the default authorization is not working as expected. > > Request you to provide your inputs on the same. > > Thanks, > Vijay
