sentry调研
原理
配置
- 准备工作
- cdh HiveServer2启用sentry
- hdfs acl与sentry同步
- Hive metastore配置sentry
- hue配置(可选)
- 测试 hive 权限启用情况:使用hue(可选)
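Hive测试
注意:以下以 hive/hive 直连的方式仅适用于测试环境。若 HiveServer2 未启用 Kerberos 或 LDAP 认证,服务端不会校验用户名和密码,任何人都可以自称 hive 用户,此时 Sentry 的授权不能当作安全边界。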
ssh root@cdh5-slave1
beeline
!connect jdbc:hive2://localhost:10000 hive hive org.apache.hive.jdbc.HiveDriver
!connect jdbc:hive2://localhost:10000 hive hive
show current roles;
SHOW ROLE GRANT GROUP <group name>;
SHOW GRANT ROLE <role name>;
hive
- CREATE ROLE <role name>;
GRANT SELECT ON TABLE <table name> TO ROLE <role name>;
GRANT ROLE test TO GROUP `test-group`;
(组名含有字母、数字、下划线以外的字符时,需要用反引号括起来,否则语句会报错)
- 不支持直接把权限 grant 给 group:权限只能授予角色,再把角色授予组
显示当前用户拥有的角色
show current roles
显示所有角色
show roles
显示某个组拥有的角色
show role grant group jonny;
显示角色拥有的权限
show grant role role_name
组解除角色
revoke role role_name from group group_name
创建数据库(需要 server 级别的 ALL 权限;该权限覆盖 server 下所有库、表和 URI,只应授予管理员角色)
grant all on server server1 to role admin;
创建表
grant all on database default to role admin;
注意:无法只把 create table 权限单独 grant 给用户,建表需要上面这种数据库级别的 ALL;拥有该角色的组因此对库内所有表都有完全权限,应只把角色授予确实需要建表的组
-- Demo table for the Sentry privilege tests: plain-text storage, one row per
-- line, fields separated by commas (id,name).
-- Per these notes, creating it requires a role holding ALL on the database.
CREATE TABLE IF NOT EXISTS person (
    id   INT    COMMENT 'Integer Column',
    name STRING COMMENT 'String Column'
)
COMMENT 'This is test table'
ROW FORMAT DELIMITED
    FIELDS TERMINATED BY ','
STORED AS TEXTFILE;
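导入数据
注意:通过 HiveServer2 执行 LOAD DATA LOCAL 时,读取的是 HiveServer2 所在主机上的文件,因此要先对该文件的 URI 授权。下面的路径位于 Cloudera Manager agent 为 HiveServer2 生成的运行目录(process/269-hive-HIVESERVER2),该目录编号通常在角色重启后变化,其中还存放着服务的配置文件;建议把数据文件放到专用目录并使用绝对路径,URI 授权只精确到所需的文件或目录。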
grant all on uri 'file:///opt/cm-5.16.2/run/cloudera-scm-agent/process/269-hive-HIVESERVER2/person.txt' to role user_jonny;
LOAD DATA LOCAL INPATH 'person.txt' OVERWRITE INTO TABLE person;