Understanding Hive Authorization Use Cases
Table Storage Layer and SQL Query Engine are the two primary use cases for client-based authorization protection, delivered as part of the open source project.
Use Case 1: Table Storage Layer
This is the use case for Hive HCatalog API users.
In this case, Hive provides a table abstraction and metadata for files on storage (typically Data Fabric file system). You have direct access to Data Fabric file system and the metastore server (which provides an API for metadata access).
Data Fabric file system access is authorized through the use of Data Fabric file system permissions. You need to authorize metadata access using Hive configuration.
Use Case 2: SQL Query Engine
This is one of the most common use cases of Hive. This is the "Hive view" of SQL users and
BI tools. This use case has the following two subcategories:
- Hive command line users - You have direct access to Data Fabric file system and the Hive metastore, which makes this use case similar to use case 1.
- ODBC/JDBC and other HiveServer2 API users (Beeline CLI is an example) - You have all data or metadata access through HiveServer2. You do not have direct access to Data Fabric file system or the metastore.