sentry调研

原理

参考

配置

Hive测试

ssh root@cdh5-slave1

beeline

!connect jdbc:hive2://localhost:10000 hive hive org.apache.hive.jdbc.HiveDriver

!connect jdbc:hive2://localhost:10000 hive hive

show current roles;

  1. SHOW ROLE GRANT GROUP <group name>;
  2. SHOW GRANT ROLE <role name>;

hive

参考

权限要求

  • create role x
  • grant select on table <table name> to role <role name>

  • GRANT ROLE test TO GROUP test-group;

  • 不支持直接grant权限到group:权限只能先授予角色(role),再通过 GRANT ROLE ... TO GROUP 把角色授予组

显示当前用户拥有的角色

show current roles

显示所有角色

show roles

显示某个组拥有的角色

show role grant group jonny;

显示角色拥有的权限

show grant role role_name

组解除角色

revoke role role_name from group group_name

创建数据库(需要先给角色授予 server 级别的权限;all on server 是范围最大的权限,只应授予管理员角色)

grant all on server server1 to role admin;

创建表(需要先给角色授予 database 级别的权限)

grant all on database default to role admin;

注意:做不到只grant create table的权限给用户,所以上面授予的是 database 级别的 all,该角色同时获得了这个库里其他对象的全部权限

  1. CREATE TABLE IF NOT EXISTS person
  2. (id int COMMENT 'Integer Column',
  3. name string COMMENT 'String Column'
  4. )
  5. COMMENT 'This is test table'
  6. ROW FORMAT DELIMITED
  7. FIELDS TERMINATED BY ','
  8. STORED AS TEXTFILE;

导入数据(执行 LOAD DATA 之前需要先授予源文件 URI 的权限;示例中的路径位于 HiveServer2 的进程目录下,授权应精确到具体文件,不要授予整个目录)

  1. grant all on uri 'file:///opt/cm-5.16.2/run/cloudera-scm-agent/process/269-hive-HIVESERVER2/person.txt' to role user_jonny;
  2. LOAD DATA LOCAL INPATH 'person.txt' OVERWRITE INTO TABLE person;