http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH5/latest/CDH5-Security-Guide/cdh5sg_sentry.html
条件:
Kerberos安全认证(使用cm配置安全认证后,hive自动也添加了认证,所以hive认证配置http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH5/latest/CDH5-Security-Guide/cdh5sg_hive_security.html可以省略)
该条件是cloudera官方文档中说明的,据了解,可以不配置kerberos安全认证,同样可以使用sentry,但试过,求试过的同学个回复
步骤:
sudo -u hdfs hdfs dfs -chmod -R 770 /user/hive/warehouse
sudo -u hdfs hdfs dfs -chown -R hive:hive /user/hive/warehouse
cm的hive配置中找到 hive.sentry.provider设置成org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider
(如此hive将识别policy file的user group配置)
sentry-provider.ini配置。例如:
[databases]
# Defines the location of the per DB policy file for the customers DB/schema
customers = hdfs://namenode11.yeahmobi.com:8020/etc/sentry/customers.ini
-------------某个数据库权限配置
[groups]
# Assigns each Hadoop group to its set of roles
manager = analyst_role, junior_analyst_role
analyst = analyst_role
jranalyst = junior_analyst_role
customers_admin = customers_admin_role
admin = admin_role
[roles]
# The uris below define a define a landing skid which
# the user can use to import or export data from the system.
# Since the server runs as the user "hive" files in that directory
# must either have the group hive and read/write set or
# be world read/write.
analyst_role = server=server1->db=analyst1, \
server=server1->db=jranalyst1->table=*->action=select,\
server=server1->db=default->table=*->action=select,\
server=server1->db=test->table=*->action=select
junior_analyst_role = server=server1->db=jranalyst1
# Implies everything on server1 -> customers. Privileges for
# customers can be defined in the global policy file even though
# customers has its only policy file. Note that the Privileges from
# both the global policy file and the per-DB policy file
# are merged. There is no overriding.
customers_admin_role = server=server1->db=customers
# Implies everything on server1.
admin_role = server=server1
[users]
-----------------------------user group在此生效
hive = manager,customers_admin
hue = analyst
rube = analyst
qiulp= analyst
上传此文件至hdfs的某个目录项,此目录授权给hive用户hive组。
hive启用sentry
cm中找到hive hive.server2.session.hook配置为:org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook
配置hive.sentry.conf.url
使用hive jdbc时,出现如下异常:
Exception in thread "main" java.sql.SQLException: Error while compiling statement: FAILED: SemanticException No valid privileges
at org.apache.hive.jdbc.Utils.verifySuccess(Utils.java:167)
at org.apache.hive.jdbc.Utils.verifySuccessWithInfo(Utils.java:155)
at org.apache.hive.jdbc.HiveStatement.execute(HiveStatement.java:210)
是权限赋值的有问题。
分享到:
相关推荐
CDH6.3.2配置Hue+Sentry权限管理.pdf
从实际企业需求角度出发,引入Hue的实际开发应用场景,基于Hue构建统一化的大数据集中式开发管理平台,并基于Hue构建可视化分析 课程亮点 1,知识体系完备,从小白到大神各阶段读者均能学有所获。 2,生动形象,化...
Hue 常见问题解决方案,包涵大部分常见Hue的问题整理,供参考
Hue数据导入导出 一套流程的开发使用 旨在帮助大家v e
Hue是cdh专门的一套web管理器,它包括3个部分hue ui,hue server,hue db。hue提供所有的cdh组件的shell界面的接口。你可以在hue编写mr,查看修改hdfs的文件,管理hive的元数据,运行Sqoop,编写Oozie工作流等大量...
hue大数据系统集成管理界面 1、部署简单 2、支持大数据操作功能强大 3、界面使用简单 4、强力推荐 5、五分好评
大数据常用组件 Hue的常见问题解决方案,包涵大部分常见Hue的问题整理,供参考
hue 学习
CM安装Hue测试hue数据库连接异常使用;
hue搭建。。
这个是hue-3.7.0-cdh5.3.6版本压缩包.
hue-4.10.0在CentOS7.9服务器安装部署手册。python2.7.5+nodejs14安装部署手册
hue的环境搭建,主要是用来管理大数据配置平台 Hue环境的搭建 下载链接:https://github.com/cloudera/hue/tree/branch-3.11 参考文档:http://blog.csdn.net/lsshlsw/article/details/47865601 环境准备 yum ...
hue-4.8.0.tgz
hue-3.11.0.tgz,官网下不了喔
hue-3.9.0-cdh5.7.1 源码 hue-3.9.0-cdh5.7.1 源码 hue-3.9.0-cdh5.7.1 源码
Hue是一个开源的Apache Hadoop UI系统,最早是由Cloudera Desktop演化而来,由Cloudera贡献给开源社区,它是基于Python Web框架Django实现的。通过使用Hue我们可以在浏览器端的Web控制台上与Hadoop集群进行交互来...
Ambari2.7.4集成Hue4.6.0 安装部署详细步骤文档
Hue可视化框架安装详细介绍文档,Hue可视化框架安装详细介绍文档
大数据Hue架构原理.pdf