Understanding Hive Authorization Modes
Different modes of Hive authorization are available to satisfy different use cases.
Secure by Default Configuration (Storage Based Authorization in the Metastore Server)
Hive default security configuration is the storage based authorization in the Metastore server. Managed by Data Fabric tiсkets and impersonation level, Hive configurations control the data access and Data Fabric file system permissions act as one source of truth for the table storage access. By enabling storage based authorization in the metastore server, you can use this single source for truth and have a consistent data and metadata authorization policy.
For use cases where the users have direct access to the data, Hive configurations do not control the data access. The Data Fabric file system permissions act as the one source of truth for table storage access. To control metadata access on the metadata objects such as databases, tables, and partitions, Data Fabric file system checks if you have permission to access the corresponding directories on the file system.
You can also protect access through HiveServer2 (use case 2.2) by ensuring
that the queries run as the end user. The hive.server2.enable.doAs
option should be true
in the HiveServer2 configuration, this is a default value.
For more information, see Hive Security Configuration Options.
SQL Standards Based Authorization in HiveServer2
Although storage based authorization provides access control at the level of databases, tables, and partitions, it can only control authorization at finer levels such as columns and views for Data Fabric Database tables and not for files because the access control provided by the file system is at the level of directory and files. SQL standards authorization makes authorization possible for files BUT at the expense of not being able to enforce that access from any other tool.
For enabling SQL standards based authorization, refer to SQL Standards-Based Hive Authorization.
Legacy Hive Authorization
Old default authorization is the authorization mode that has been available in earlier versions of Hive. However, this mode does not have a complete access control model, leaving many security gaps unaddressed.
For example, the permissions needed to grant privileges for a user are not defined, and any user can grant themselves access to a table or database.
This model is similar to the SQL standards based authorization mode, in that it provides grant or revoke statement-based access control. However, the access control policy is different from SQL standards based authorization, and they are not compatible. Use of this mode is also supported for Hive command line users. However, for reasons mentioned under the discussion of SQL standards based authorization, it is not a secure mode of authorization for the Hive command line.
Related Links
For information related to Hive authorization modes, see: