Then you need to kerberize it to support what you want
> On 9. Nov 2017, at 09:18, Vijay Toshniwal <[email protected]> wrote: > > No its not. > > Thanks, > Vijay > >> On Thu, Nov 9, 2017 at 1:09 PM, Jörn Franke <[email protected]> wrote: >> Is your Hadoop cluster kerberized? >> >>> On 9. Nov 2017, at 06:57, Vijay Toshniwal <[email protected]> wrote: >>> >>> Hi Team, >>> >>> >>> >>> I am facing issues while configuring hive storage based authorization. I >>> followed the steps mentioned in >>> https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server >>> however still any user can create database in hive (using beeline and cli) >>> at will though not able to delete other users databases. My hive directory >>> permission is set to 770 (hive:hadoop).Below are the parameters that I >>> added to hive-site.xml: >>> >>> >>> >>> hive.metastore.pre.event.listeners: >>> org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener >>> >>> hive.security.metastore.authorization.auth.reads: true >>> >>> hive.security.metastore.authenticator.manager:org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator >>> >>> hive.security.metastore.authorization.manager: >>> org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider >>> >>> hive.metastore.execute.setugi: true >>> >>> hive.server2.enable.doAs:true >>> >>> >>> >>> hive version: 1.2.1 >>> >>> Hadoop version: 2.7.3 >>> >>> >>> >>> My understanding was only those users having write access to >>> /user/hive/warehouse should be able to create the database. Please suggest. >>> >>> >>> >>> >>> I also found one similar question >>> https://stackoverflow.com/questions/43734947/does-the-storage-based-authorization-or-sql-standards-based-hive-authorization-w?rq=1 >>> where the default authorization is not working as expected. >>> >>> Request you to provide your inputs on the same. >>> >>> Thanks, >>> Vijay >
