2021-5-1
问题:提交作业到 root.groupa 权限被拒绝
hive -e "set mapreduce.job.queuename=root.groupa;select count(*) from sqoop_hosts;"
![image-20201207100938664.png](/uploads/projects/bigdata-yh@questions/53b9ee0b6f21e442d99deaec9798b7a7.png)
- 原因:Hive表无权限,HDFS无权限目录。
- 解决Hive表权限问题:登录hive超级用户,创建角色,创建组,分别将角色赋权给组a、b、c
create role all_pri;
grant all on table testhive to role all_pri;
grant role all_pri to group groupa;
grant role all_pri to group groupb;
grant role all_pri to group groupc;
![image-20201207104701376.png](/uploads/projects/bigdata-yh@questions/2b673bcdf4c3384ab16c43e4a689c4bc.png)
- 解决HDFS权限问题:使用Kerberos的HDFS用户,创建auser1的家目录,修改组为auser1
hdfs dfs -mkdir /user/auser1
hdfs dfs -chown auser1:groupa /user/auser1
![image-20201207110421196.png](/uploads/projects/bigdata-yh@questions/924660f7d2add4bbe4d63ad5cd04b928.png)
问题:放置规则失效,auser1可以在groupc组下执行
hive -e "set mapreduce.job.queuename=root.groupc;select count(*) from testhive;"
![image-20201207112801520.png](/uploads/projects/bigdata-yh@questions/f76603bf2515c317c3a89e971acb65da.png)
- 原因:放置规则顺序不一致,如果执行规则满足,则直接跳过后续的放置规则
![image-20201207112552777.png](/uploads/projects/bigdata-yh@questions/e9d49061be10e5888e4497988418eb29.png)
![image-20201207113017750.png](/uploads/projects/bigdata-yh@questions/8bdac7b3dd31cf6db809722188dc9d3e.png)
![image-20201207113112733.png](/uploads/projects/bigdata-yh@questions/31fcfd70b0d20b56f3f0907a6257eccf.png)