package com.lxw.hive; import org.apache.hadoop.hive.ql.parse.ASTNode; import org.apache.hadoop.hive.ql.parse.AbstractSemanticAnalyzerHook; import org.apache.hadoop.hive.ql.parse.HiveParser; import org.apache.hadoop.hive.ql.parse.HiveSemanticAnalyzerHookContext; import org.apache.hadoop.hive.ql.parse.SemanticException; import org.apache.hadoop.hive.ql.session.SessionState; /** * 只运行Admin用户(lxw用户)执行创建数据库,赋权等操作。 */ public class MyAuthHook extends AbstractSemanticAnalyzerHook { private static String admin = "lxw"; @Override public ASTNode preAnalyze(HiveSemanticAnalyzerHookContext context, ASTNode ast) throws SemanticException { switch (ast.getToken().getType()) { case HiveParser.TOK_CREATEDATABASE: case HiveParser.TOK_DROPDATABASE: case HiveParser.TOK_CREATEROLE: case HiveParser.TOK_DROPROLE: case HiveParser.TOK_GRANT: case HiveParser.TOK_REVOKE: case HiveParser.TOK_GRANT_ROLE: case HiveParser.TOK_REVOKE_ROLE: String userName = null; if (SessionState.get() != null && SessionState.get().getAuthenticator() != null) { userName = SessionState.get().getAuthenticator().getUserName(); } if (!admin.equalsIgnoreCase(userName)) { throw new SemanticException(userName + " can't use ADMIN options, except " + admin + "."); } break; default: break; } return ast; } }
打包放到$HIVE_HOME/lib目录下;
修改hive-site.xml
<property> <name>hive.semantic.analyzer.hook</name> <value>com.lxw.hive.MyAuthHook</value> </property>
运行结果:
hive> drop database lxw2; FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw. hive> create database lxw3; FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw. hive> grant select on database lxw2 to user lxw2; FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.