Sunday, April 15, 2018

Enabling hive Authorization in Qubole

Once the Hive authorization is enabled in qubole we need to mange the users and permission by hive authentication,  following are the some of the commands which will be used for the same.

1. Listing the Current Roles

Set role admin;
show roles

2. Create the roles

CREATE ROLE <role_name>;
Creates a new role. Only the admin role has privilege for this.


Eg:
Set role admin;
Create role sysadmin;

3. Grant Role to users


GRANT ROLE <role_name> TO USER <user_name>
 
Eg:
Set role admin;
Grant Role sysadmin to user rahul ;


4. Revoke a role from user

REVOKE ROLE <role_name> FROM USER <user_name>;


Eg:
Set role admin;
REVOKE Role sysadmin from user rahul;


5. List  Roles attached to a user

SHOW ROLE GRANT USER <user_name>;


Eg.
Set role admin;
show role grant user `rahul`;


6. List Users under a role

SHOW PRINCIPALS <Role_name>


Eg
Set role admin;
SHOW PRINCIPALS sysadmin


7. Assign Role access to tables



Sample Permission
SELECT privilege: It provides read access to an object (table).
INSERT privilege: It provides ability for adding data to an object (table).
UPDATE privilege: It provides ability for running UPDATE queries on an object (table).
DELETE privilege: It provides ability for deleting data in an object (table).
ALL privilege: It provides all privileges. In other words, this privilege gets translated into all the above privileges.


GRANT <Permission> ON <table_name> TO ROLE <role_name>;


Eg:
Grant all on default.testtable to role sysadmin


8. View Role/user Permissions on tables

Check all users who have been granted with a specific role


SHOW GRANT USER <user_name> ON <table_name|All>;
SHOW GRANT ROLE <user_name> ON <table_name|All>;


Eg:
SHOW GRANT user analytics on all

No comments:

Post a Comment