您好,登錄后才能下訂單哦!
溫馨提示:要看高清無碼套圖,請使用手機(jī)打開并單擊圖片放大查看。
1.文檔編寫目的
本文文檔主要講述如何使用Sentry管理Hive/Impala外部表權(quán)限。
1.創(chuàng)建測試庫及外部表
2.創(chuàng)建角色并授權(quán)
3.授權(quán)測試
4.測試總結(jié)
1.操作系統(tǒng)為CentOS6.5
2.CM和CDH版本為5.12.1
3.采用root用戶操作
1.集群運(yùn)行正常
2.集群已啟用Kerberos且正常使用
3.HDFS/Hive/Impala/Hue服務(wù)已與Sentry集成
4.Hive用戶為超級用戶
友情提示:總結(jié)是精華。
2.創(chuàng)建測試庫及外部表
創(chuàng)建fayson數(shù)據(jù)庫
0: jdbc:hive2://localhost:10000/> create database fayson;
INFO : Compiling command(queryId=hive_20170916155353_12e7c551-6a72-4ff3-b581-353c4dbd0fb0): create database fayson
INFO : Semantic Analysis Completed
…
INFO : OK
No rows affected (0.232 seconds)
0: jdbc:hive2://localhost:10000/>
2.在fayson庫下創(chuàng)建外部表student_hive,建表語句如下
create external table if not exists student_hive(
name string,
age int,
addr string
)
ROW FORMAT DELIMITED FIELDS TERMINATED BY ','
LOCATION '/extwarehouse/student_hive';
向/extwarehouse/student_hive表put數(shù)據(jù)
[root@ip-172-31-6-148 ~]# hadoop fs -put student.txt /extwarehouse/student_hive
[root@ip-172-31-6-148 ~]# hadoop fs -ls /extwarehouse/student_hive
Found 1 items
-rw-r--r-- 3 hive supergroup 59 2017-09-16 16:05 /extwarehouse/student_hive/student.txt
[root@ip-172-31-6-148 ~]#
/extwarehouse/student_hive數(shù)據(jù)目錄不存,在創(chuàng)建外部表時(shí)自動(dòng)生成,且數(shù)據(jù)目錄屬主為hive。
0: jdbc:hive2://localhost:10000/> select * from student_hive;
...
INFO : OK
+--------------------+-------------------+--------------------+--+
| student_hive.name | student_hive.age | student_hive.addr |
+--------------------+-------------------+--------------------+--+
| fayson | 23 | guangdong |
| zhangsan | 24 | shenzhen |
| lisi | 55 | guangzhou |
+--------------------+-------------------+--------------------+--+
3 rows selected (0.216 seconds)
0: jdbc:hive2://localhost:10000/>
3.創(chuàng)建角色并授權(quán)
授權(quán)fayson用戶組擁有fayson庫所有權(quán)限
create role faysonall;
grant all on database fayson to role faysonall;
grant role faysonall to group fayson;
4.授權(quán)測試
[fayson@ip-172-31-6-148 root]$ beeline
Beeline version 1.1.0-cdh6.12.1 by Apache Hive
beeline> !connect jdbc:hive2://localhost:10000/;principal=hive/ip-172-31-6-148.fayson.com@FAYSON.COM
scan complete in 2ms
Connecting to jdbc:hive2://localhost:10000/;principal=hive/ip-172-31-6-148.fayson.com@FAYSON.COM
Connected to: Apache Hive (version 1.1.0-cdh6.12.1)
Driver: Hive JDBC (version 1.1.0-cdh6.12.1)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://localhost:10000/>
2.切換至fayson數(shù)據(jù)庫對student_hive表操作
可以向表中插入數(shù)據(jù)
0: jdbc:hive2://localhost:10000/> insert into student_hive values('lisi', 22, 'beijing');
...
INFO : OK
No rows affected (22.501 seconds)
0: jdbc:hive2://localhost:10000/>
可以查詢表數(shù)據(jù)
0: jdbc:hive2://localhost:10000/> select * from student_hive;
...
INFO : OK
+--------------------+-------------------+--------------------+--+
| student_hive.name | student_hive.age | student_hive.addr |
+--------------------+-------------------+--------------------+--+
| lisi | 22 | beijing |
| fayson | 23 | guangdong |
| zhangsan | 24 | shenzhen |
| lisi | 55 | guangzhou |
+--------------------+-------------------+--------------------+--+
4 rows selected (0.215 seconds)
0: jdbc:hive2://localhost:10000/>
3.HDFS驗(yàn)證
fayson用戶可以瀏覽student_hive的數(shù)據(jù)目錄,查看數(shù)據(jù)目錄下文件內(nèi)容,但沒有delete和put文件的權(quán)限。
[fayson@ip-172-31-6-148 ~]$ hadoop fs -ls /extwarehouse/student_hive
Found 2 items
-rwxr-xr-x 3 hive supergroup 16 2017-09-16 16:16 /extwarehouse/student_hive/000000_0
-rw-r--r-- 3 hive supergroup 59 2017-09-16 16:05 /extwarehouse/student_hive/student.txt
[fayson@ip-172-31-6-148 ~]$ hadoop fs -rmr /extwarehouse/student_hive/student.txt
rmr: DEPRECATED: Please use 'rm -r' instead.
rmr: Failed to move to trash: hdfs://ip-172-31-6-148.fayson.com:8020/extwarehouse/student_hive/student.txt: Permission denied: user=fayson, access=WRITE, inode="/extwarehouse/student_hive":hive:supergroup:drwxr-xr-x
[fayson@ip-172-31-6-148 ~]$ hadoop fs -put student1.txt /extwarehouse/student_hive/
put: Permission denied: user=fayson, access=WRITE, inode="/extwarehouse/student_hive":hive:supergroup:drwxr-xr-x
[fayson@ip-172-31-6-148 ~]$
測試總結(jié):
hive創(chuàng)建的外部表,通過Sentry授權(quán)后,fayson用戶組使用beeline和Hue能對該表進(jìn)行查詢和插入操作。但不能對HDFS和Hue FileBrowser上的數(shù)據(jù)目錄進(jìn)行新增和刪除操作,由于fayson用戶無操作數(shù)據(jù)目錄的權(quán)限。
5.測試總結(jié)
如果這個(gè)外部表的目錄沒有在cm里配置成需要sentry管理的目錄,通過Sentry賦權(quán)后,是沒法做ACL同步的,不建議在生產(chǎn)系統(tǒng)中這樣使用。如果你需要管理外部表,那么你就需要按照之前的標(biāo)準(zhǔn)文檔來操作。如何使用Sentry管理Hive外部表權(quán)限
醉酒鞭名馬,少年多浮夸! 嶺南浣溪沙,嘔吐酒肆下!摯友不肯放,數(shù)據(jù)玩的花!
溫馨提示:要看高清無碼套圖,請使用手機(jī)打開并單擊圖片放大查看。
推薦關(guān)注Hadoop實(shí)操,第一時(shí)間,分享更多Hadoop干貨,歡迎轉(zhuǎn)發(fā)和分享。
原創(chuàng)文章,歡迎轉(zhuǎn)載,轉(zhuǎn)載請注明:轉(zhuǎn)載自微信公眾號Hadoop實(shí)操
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。