I am having an issue trying to create some scheduled queries in Hive and I don't find what permission to add, I have tried to grant ALL on the database and nothing is changing.
My command is:
create scheduled query query_1_stream_1 cron '0 */1 * * * ? *' as
insert into stream_db.kafka_5m partition (st, hr)
...
Error:
Error while compiling statement: FAILED: SemanticException Permission denied: Principal [name=hive, type=USER] does not have following privileges for operation CREATE_SCHEDULED_QUERY [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT]
Any idea what is the specific permission, as I said, I tried to add ALL permissions and the error persists.
The create_scheduled_query, as well as other similar hive operations, are privileges reserved for the hive's admins, this means that you need to assign the admin role to the user or users that you want to execute those privileged operations.
This is the configuration that you need:
hive.server2.enable.doAs=false
hive.security.authorization.enabled=true
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
hive.users.in.admin.role=<admin user>
Let's talk about the configuration a little:
The hive.server2.enable.doAs will make your queries run as hive, this is the Hive impersonation feature, it is not really required for this role addition, but usually you want the user hive to the admin.
The 2nd, 3rd and 4th are not mandatory and you might have other values in them.
The 5th is the magic one, this indicates which users are admins, you need to list the users that you want to have those privileges here as follows:
hive.users.in.admin.role=hive
Then, open up your hive CLI or beeline and run the following:
set role admin;
This set is required even if your user is admin in the configuration, the hive user is not running as admin automatically never, you need to 1. have the role, and 2. enable the role in the CLI.
At this point, you should be able to create your schedules, alter them, drop them, etc.
Related
i tried to update table wwv_flow_item_list in Oracle autonomus database on cloud but i get error insuficient privileges. I cant even select data from those tables (all wwv prefix). User is ADMIN. which user have rights to perform these tasks ?
I have some tables in test database in HIVE that were created by another user.
I am trying to move these tables to another database called events
I have tried like below
alter table test.123 rename to events.123
But I am receiving permission denied error because the table 123 has been created by another.
1) How can I move this table?
2) How can we change the owner of the table to other user's?
3) Or How can we change ownership of all tables of a database to another user?
4) What is the best scenario where we don't need to worry about permission on Hive tables?
You can try following with superuser
ALTER (DATABASE|SCHEMA) database_name SET OWNER [USER|ROLE] user_or_role; -- (Note: Hive 0.13.0 and later; SCHEMA added in Hive 0.14.0)
If your Hadoop cluster is Kerberos enabled then there is no way you can change the ownership with non-super user account. If this would have been possible then there is no use of Permissions.
I just want to check if Hive interpreter in Zeppelin can dynamically set the user and password.
My case is like this.
I have table1 in hive and I assigned full access to user1. For another user, let say user2, i have not assigned any access on table1. The access privilege is done in Apache Ranger.
I would like to use Zeppelin to check if the access privilege sets in Ranger would work as expected.
I know I can set it manually from the Interpreter Hive configuration but I dont want to open that configuration each time i need to test particular user.
I am looking for something like this in Zeppelin. I can set it on each section/window.
%hive <set user and password here>
select * from table1
Thanks in advance.
Due to security issues the user or Informatica has grants to create neither tables nor synonyms.
So I have come up with this:
The PMERR_DATA, PMERR_MSG, etc. tables are created under another user
The user of Informatica is granted to select, inset, update and delete from these tables
Name of the owner of the tables was set in the error table log prefix field:
But when the task starts, the integration service tries to create these PMERR% tables and it fails (due to lack of permissions to create tables)
How can these restrictions be overcome?
I want to create the user and the database within that user. But when I tried to create database its giving the warning message as
ERROR at line 1:
ORA-01501: CREATE DATABASE failed
ORA-01100: database already mounted
Then I tried
STARTUP NOMOUNT;
Its giving the warning message for insufficient privileges even I have given all the permission to that particular user.
Can any one please help in finding the solution for this?
You don't create a database under a user in Oracle; I believe you're using terminology from another database poduct. The equivalent is a schema, which is a logical container for a group of objects. User and schema are essenentially synonymous in Oracle - when you create a user is automatically has its own schema.
You create the database once (which you already seem to have done, or had done for you), then create as many schemas/users as your application needs. You don't ever rerun the create database under normal circumstances - you certainly wouldn't as a normal user.
If you connect as that user you will be able to create tables, views, packages etc., assuming it has really been granted all the necessary privileges.