hive权限控制---限定用户的某些操作权限

package com.lxw.hive;



import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.AbstractSemanticAnalyzerHook;
import org.apache.hadoop.hive.ql.parse.HiveParser;
import org.apache.hadoop.hive.ql.parse.HiveSemanticAnalyzerHookContext;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.session.SessionState;

/**
 * 只运行Admin用户(lxw用户)执行创建数据库，赋权等操作。
 */
public class MyAuthHook extends AbstractSemanticAnalyzerHook {
	private static String admin = "lxw";

	@Override
	public ASTNode preAnalyze(HiveSemanticAnalyzerHookContext context,
			ASTNode ast) throws SemanticException {
		switch (ast.getToken().getType()) {
		case HiveParser.TOK_CREATEDATABASE:
		case HiveParser.TOK_DROPDATABASE:
		case HiveParser.TOK_CREATEROLE:
		case HiveParser.TOK_DROPROLE:
		case HiveParser.TOK_GRANT:
		case HiveParser.TOK_REVOKE:
		case HiveParser.TOK_GRANT_ROLE:
		case HiveParser.TOK_REVOKE_ROLE:
			String userName = null;
			if (SessionState.get() != null
					&& SessionState.get().getAuthenticator() != null) {
				userName = SessionState.get().getAuthenticator().getUserName();
			}
			if (!admin.equalsIgnoreCase(userName)) {
				throw new SemanticException(userName
						+ " can't use ADMIN options, except " + admin + ".");
			}
			break;
		default:
			break;
		}

		return ast;
	}
}

打包放到$HIVE_HOME/lib目录下；

修改hive-site.xml

<property>
  <name>hive.semantic.analyzer.hook</name>
  <value>com.lxw.hive.MyAuthHook</value>
</property>

运行结果：

hive> drop database lxw2;
FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.
hive> create database lxw3;
FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.
hive> grant select on database lxw2 to user lxw2;
FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.

hive权限控制---限定用户的某些操作权限

猜你喜欢