hive权限控制---限定用户的某些操作权限
package com.lxw.hive;import org.apache.hadoop.hive.ql.parse.ASTNode;import org.apache.hadoop.hive.ql.parse.AbstractSemanticAnalyzerHook;import org.apache.hadoop.hive.ql.parse.HiveParser;import org.apache.hadoop.hive.ql.parse.HiveSemanticAnalyzerHookContext;import org.apache.hadoop.hive.ql.parse.SemanticException;import org.apache.hadoop.hive.ql.session.SessionState;/** * 只运行Admin用户(lxw用户)执行创建数据库,赋权等操作。 */public class MyAuthHook extends AbstractSemanticAnalyzerHook {private static String admin = "lxw";@Overridepublic ASTNode preAnalyze(HiveSemanticAnalyzerHookContext context,ASTNode ast) throws SemanticException {switch (ast.getToken().getType()) {case HiveParser.TOK_CREATEDATABASE:case HiveParser.TOK_DROPDATABASE:case HiveParser.TOK_CREATEROLE:case HiveParser.TOK_DROPROLE:case HiveParser.TOK_GRANT:case HiveParser.TOK_REVOKE:case HiveParser.TOK_GRANT_ROLE:case HiveParser.TOK_REVOKE_ROLE:String userName = null;if (SessionState.get() != null&& SessionState.get().getAuthenticator() != null) {userName = SessionState.get().getAuthenticator().getUserName();}if (!admin.equalsIgnoreCase(userName)) {throw new SemanticException(userName+ " can't use ADMIN options, except " + admin + ".");}break;default:break;}return ast;}}
?
打包放到$HIVE_HOME/lib目录下;
修改hive-site.xml
?
<property> <name>hive.semantic.analyzer.hook</name> <value>com.lxw.hive.MyAuthHook</value></property>
?
运行结果:
?
hive> drop database lxw2;FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.hive> create database lxw3;FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.hive> grant select on database lxw2 to user lxw2;FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.?