0: jdbc:hive2://node1:10000> create role root;
Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : ljr is not allowed to add roles. User has to belong to ADMIN role and have it as current role, for this action. (state=08S01,code=1)
对于由于用户权限引起的报错,我们知道只要对用户进行授予相关的权限就可以解决问题,但是最令人疑惑的是,这个授权的boss是谁?我们可以从报错内容看出授权的必须是belong to ADMIN role and have it as current role(属于超级管理员的角色,并且是当前的角色),下面讨论怎么进行设置;
解决办法:
1、在hive-site.xml中指定超级管理员:
vim $HIVE_HOME/conf/hive-site.xml
<property><name>hive.users.in.admin.role</name>
<value>ljr</value>
</property>2、通过beeline以ljr用户进入hive
beeline -u jdbc:hive2://node1:10000 -n ljr
分别执行以下操作
set hive.users.in.admin.role;
set role admin;
create role root;
到此可以发现用户ljr已经有了创建角色的权限;事实上ljr已经拥有了hive超级管理员的所有权限
比如:未进行set role admin;时ljr是无权将test库的权限开放给其他用户的
0: jdbc:hive2://node1:10000> grant all on database test to user root;
Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied: Principal [name=ljr, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant, INSERT with grant, UPDATE with grant, DELETE with grant] on Object [type=DATABASE, name=test]] (state=08S01,code=1)
但进行以上操作后可以发现ljr可以对test库进行授权了
0: jdbc:hive2://node1:10000> grant all on database test to user root;
0: jdbc:hive2://node1:10000> show grant user root;
版权归原作者 独孤雨鸿 所有, 如有侵权,请联系我们删除。