标签：INFO grant command hive queryId 2021 role

sentry缺点：

1、组件只支持hive、hdfs、impala 不支持hbase,stome等

show roles;
create role admin_zr;
0: jdbc:hive2://cbp5.chinaoly.com:10000/> grant all on server server1 to role admin_zr;
INFO  : Compiling command(queryId=hive_20210404174040_4e155e03-79c5-40c4-a24a-7b0601588b30): grant all on server server1 to role admin_zr
INFO  : Semantic Analysis Completed
INFO  : Returning Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=hive_20210404174040_4e155e03-79c5-40c4-a24a-7b0601588b30); Time taken: 0.069 seconds
INFO  : Executing command(queryId=hive_20210404174040_4e155e03-79c5-40c4-a24a-7b0601588b30): grant all on server server1 to role admin_zr
INFO  : Starting task [Stage-0:DDL] in serial mode
INFO  : Completed executing command(queryId=hive_20210404174040_4e155e03-79c5-40c4-a24a-7b0601588b30); Time taken: 0.183 seconds
INFO  : OK
No rows affected (0.258 seconds)

#将admin_zr角色授权给hive用户组，并授权给hive组(对应操作系统的组)
0: jdbc:hive2://cbp5.chinaoly.com:10000/> grant role admin_zr to group hive;

#创建mytable05表，并插入测试数据
: jdbc:hive2://cbp5.chinaoly.com:10000/> create table mytable05(id int,name string);
0: jdbc:hive2://cbp5.chinaoly.com:10000/> insert into mytable05 values(1,'zhangsan'),(2,'lisi');

#创建测试角色并将角色授权给用户组
创建两个角色：
readrole:只能读default库mytable01表，并授权给readaccount用户组
writerole:只能写default库mytable01表，并授权给writeaccount用户组

#创建role
create role readrole;
create role wirterole;
#给予查询规则赋予给表mytab01
0: jdbc:hive2://cbp5.chinaoly.com:10000/> grant select on table mytab01 to role readrole;
INFO  : Compiling command(queryId=hive_20210404181717_12d3898d-a554-4ada-a603-c68bf31d11fa): grant select on table mytab01 to role readrole
INFO  : Semantic Analysis Completed
INFO  : Returning Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=hive_20210404181717_12d3898d-a554-4ada-a603-c68bf31d11fa); Time taken: 0.066 seconds
INFO  : Executing command(queryId=hive_20210404181717_12d3898d-a554-4ada-a603-c68bf31d11fa): grant select on table mytab01 to role readrole
INFO  : Starting task [Stage-0:DDL] in serial mode
INFO  : Completed executing command(queryId=hive_20210404181717_12d3898d-a554-4ada-a603-c68bf31d11fa); Time taken: 0.066 seconds
INFO  : OK
No rows affected (0.137 seconds)
0: jdbc:hive2://cbp5.chinaoly.com:10000/> 

#把写的权限赋予给mytable05表
0: jdbc:hive2://cbp5.chinaoly.com:10000/> grant insert on table mytable05 to role writerole;
INFO  : Compiling command(queryId=hive_20210404182121_d575c3a4-4f60-4082-b68f-577f1255720a): grant insert on table mytable05 to role writerole
INFO  : Semantic Analysis Completed
INFO  : Returning Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=hive_20210404182121_d575c3a4-4f60-4082-b68f-577f1255720a); Time taken: 0.063 seconds
INFO  : Executing command(queryId=hive_20210404182121_d575c3a4-4f60-4082-b68f-577f1255720a): grant insert on table mytable05 to role writerole
INFO  : Starting task [Stage-0:DDL] in serial mode
INFO  : Completed executing command(queryId=hive_20210404182121_d575c3a4-4f60-4082-b68f-577f1255720a); Time taken: 0.038 seconds
INFO  : OK
No rows affected (0.105 seconds)
0: jdbc:hive2://cbp5.chinaoly.com:10000/> 

#4、将readrole角色授权给readaccount用户组，writerole角色授权给writeaccount用户组
0: jdbc:hive2://cbp5.chinaoly.com:10000/> grant role readrole to group readaccount;
0: jdbc:hive2://cbp5.chinaoly.com:10000/> grant role writerole to group writeaccount;

标签：INFO,grant,command,hive,queryId,2021,role
来源： https://www.cnblogs.com/hackerer/p/14616698.html

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。