hive创建角色并赋权


1 角色管理命令
1.1 创建角色

创建一个新角色,需要 admin 用户执行

CREATE ROLE role_name;

1.2 删除角色

删除一个角色,需要 admin 用户执行

DROP ROLE role_name;

1.3 显示当前角色

显示用户当前角色列表

SHOW CURRENT ROLES;

1.4 设定角色

如果指定了role_name,则该角色将成为当前角色中的唯一角色
将Role_Name设置为All将刷新当前角色的列表(在新角色被授予用户的情况下),并将其设置为默认的角色列表。
将Role_Name设置为None将从当前用户中删除所有当前角色。

SET ROLE (role_name|ALL|NONE);

1.5 显示角色

列出所有当前存在的角色。
只有admin角色对此有特权。

SHOW ROLES;

1.6 赋权/撤销语法

第一种
将一个或多个角色授予其他角色或用户。
如果指定了“WITH ADMIN OPTION”,则用户将获得将该角色授予其他用户/角色的权限。
如果授予语句最终在角色之间创建循环关系,则该命令将失败并出现错误。

  GRANT role_name [, role_name] ...
TO principal_specification [, principal_specification] ...
[ WITH ADMIN OPTION ];

principal_specification
: USER user
| ROLE role

从FROM子句中的用户/角色中撤消角色的成员权限。

 REVOKE [ADMIN OPTION FOR] role_name [, role_name] ...
FROM principal_specification [, principal_specification] ... ;

principal_specification
: USER user
| ROLE role

第二种

  GRANT ROLE role_name [, role_name] ...
TO principal_specification [, principal_specification] ...
[WITH ADMIN OPTION]

REVOKE [ADMIN OPTION FOR] ROLE role_name [, role_name] ...
FROM principal_specification [, principal_specification] ...

principal_specification:
USER user
| GROUP group
| ROLE role

1.7 显示角色授予

principal_name是用户或角色的名称。
列出已授予给定用户或角色的所有角色。

SHOW ROLE GRANT (USER|ROLE|GROUP ) principal_name;

示例:

0: jdbc:hive2://localhost:10000> SHOW ROLE GRANT USER user1;
+---------+---------------+----------------+----------+
| role | grant_option | grant_time | grantor |
+---------+---------------+----------------+----------+
| public | false | 0 | |
| role1 | false | 1398284083000 | uadmin |
+---------+---------------+----------------+----------+

1.8 列出所有角色和属于该角色的用户

仅admin角色对此具有特权。

SHOW PRINCIPALS role_name;

示例:

0: jdbc:hive2://localhost:10000> SHOW PRINCIPALS role1;
+-----------------+-----------------+---------------+----------+---------------+----------------+
| principal_name | principal_type | grant_option | grantor | grantor_type | grant_time |
+-----------------+-----------------+---------------+----------+---------------+----------------+
| role2 | ROLE | false | uadmin | USER | 1398285926000 |
| role3 | ROLE | true | uadmin | USER | 1398285946000 |
| user1 | USER | false | uadmin | USER | 1398285977000 |
+-----------------+-----------------+---------------+----------+---------------+----------------+

2 权限管理
2.1 赋权和移除权限

对表或视图赋权/撤销授权

GRANT
priv_type [, priv_type ] ...
ON table_or_view_name
TO principal_specification [, principal_specification] ...
[WITH GRANT OPTION];

REVOKE [GRANT OPTION FOR]
priv_type [, priv_type ] ...
ON table_or_view_name
FROM principal_specification [, principal_specification] ... ;

principal_specification
: USER user
| ROLE role

priv_type
: INSERT | SELECT | UPDATE | DELETE | ALL

对列赋权/撤销授权

GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
[ON object_specification]
TO principal_specification [, principal_specification] ...
[WITH GRANT OPTION]

REVOKE [GRANT OPTION FOR]
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
[ON object_specification]
FROM principal_specification [, principal_specification] ...

REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...

priv_type:
ALL | ALTER | UPDATE | CREATE | DROP
| INDEX | LOCK | SELECT | SHOW_DATABASE

object_specification:
TABLE tbl_name
| DATABASE db_name

principal_specification:
USER user
| GROUP group
| ROLE role

如果授予用户对表或视图的WITH GRANT OPTION特权,则该用户还可以赋权/撤消其他用户的特权以及这些对象上的角色。
示例:

0: jdbc:hive2://localhost:10000/default> grant select on table secured_table to role my_role;
No rows affected (0.046 seconds)

0: jdbc:hive2://localhost:10000/default> revoke update, select on table secured_table from role my_role;
No rows affected (0.028 seconds)

2.2 显示权限

SHOW GRANT [principal_specification] ON (ALL | [TABLE] table_or_view_name);

principal_specification
: USER user
| ROLE role

2.3 管理对象权限的示例
2.3.1 创建角色,并将指定数据库所有/只读权限赋给该角色

--创建名为bigdata_admin_role的角色
CREATE ROLE bigdata_admin_role;
--将数据库bigdata_db的所有权限赋给bigdata_admin_role角色
GRANT ALL ON DATABASE bigdata_db TO ROLE bigdata_admin_role;
--将集群路径所有权限赋权给bigdata_admin_role角色
GRANT ALL ON URI 'hdfs://nameservice/user/bigdata' TO bigdata_admin_role;
--将bigdata_admin_role角色的权限给到bigdata_g组
GRANT ROLE bigdata_admin_role TO GROUP bigdata_g;
--至此,bigdata_g 组下的所有用户拥有了操作bigdata_db库的所有权限

--创建名为bigdata_read_role的角色,该角色只有只读权限
CREATE ROLE bigdata_read_role;
--将数据库bigdata_db的select权限赋给bigdata_read_role角色
GRANT SELECT ON DATABASE bigdata_db TO ROLE bigdata_read_role;
--将集群路径所有权限赋权给bigdata_admin_role角色
GRANT ALL ON URI 'hdfs://nameservice/user/bigdata' TO bigdata_read_role;
--将bigdata_admin_role角色的权限给到bigdata_g组
GRANT ROLE bigdata_read_role TO GROUP bigdata_g;
--至此,bigdata_g 组下的所有用户拥有了操作bigdata_db库的读权限

--创建一个用户组hive_g,并给该角色赋权查询bigdata_db.test_tb的权限
CREATE ROLE hive_read_role;
GRANT ROLE hive_read_role TO GROUP hive_g;
GRANT SELECT ON TABLE bigdata_db.test_tb TO ROLE hive_read_role;

找出用户ashutosh对表hivejiratable拥有的特权:

0: jdbc:hive2://localhost:10000> show grant user ashutosh on table hivejiratable;
+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| default | hivejiratable | | | ashutosh | USER | DELETE | false | 1398303419000 | thejas |
| default | hivejiratable | | | ashutosh | USER | SELECT | false | 1398303407000 | thejas |
+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+

找出用户ashutosh对所有对象具有的特权:

0: jdbc:hive2://localhost:10000> show grant user ashutosh on all;
+-----------+-------------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+-----------+-------------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| default | hivecontributors | | | ashutosh | USER | DELETE | false | 1398303576000 | thejas |
| default | hivecontributors | | | ashutosh | USER | INSERT | false | 1398303576000 | thejas |
| default | hivecontributors | | | ashutosh | USER | SELECT | false | 1398303576000 | thejas |
| default | hivejiratable | | | ashutosh | USER | DELETE | false | 1398303419000 | thejas |
| default | hivejiratable | | | ashutosh | USER | SELECT | false | 1398303407000 | thejas |
+-----------+-------------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+

找出所有用户对表hivejiratable拥有的特权:

0: jdbc:hive2://localhost:10000> show grant on table hivejiratable;
+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| default | hivejiratable | | | ashutosh | USER | DELETE | false | 1398303419000 | thejas |
| default | hivejiratable | | | ashutosh | USER | SELECT | false | 1398303407000 | thejas |
| default | hivejiratable | | | navis | USER | INSERT | false | 1398303650000 | thejas |
| default | hivejiratable | | | navis | USER | SELECT | false | 1398303650000 | thejas |
| default | hivejiratable | | | public | ROLE | SELECT | false | 1398303481000 | thejas |
| default | hivejiratable | | | thejas | USER | DELETE | true | 1398303380000 | thejas |
| default | hivejiratable | | | thejas | USER | INSERT | true | 1398303380000 | thejas |
| default | hivejiratable | | | thejas | USER | SELECT | true | 1398303380000 | thejas |
| default | hivejiratable | | | thejas | USER | UPDATE | true | 1398303380000 | thejas |
+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+

原创:https://www.panoramacn.com
源码网提供WordPress源码,帝国CMS源码discuz源码,微信小程序,小说源码,杰奇源码,thinkphp源码,ecshop模板源码,微擎模板源码,dede源码,织梦源码等。

专业搭建小说网站,小说程序,杰奇系列,微信小说系列,app系列小说

hive创建角色并赋权

免责声明,若由于商用引起版权纠纷,一切责任均由使用者承担。

您必须遵守我们的协议,如果您下载了该资源行为将被视为对《免责声明》全部内容的认可-> 联系客服 投诉资源
www.panoramacn.com资源全部来自互联网收集,仅供用于学习和交流,请勿用于商业用途。如有侵权、不妥之处,请联系站长并出示版权证明以便删除。 敬请谅解! 侵权删帖/违法举报/投稿等事物联系邮箱:2640602276@qq.com
未经允许不得转载:书荒源码源码网每日更新网站源码模板! » hive创建角色并赋权
关注我们小说电影免费看
关注我们,获取更多的全网素材资源,有趣有料!
120000+人已关注
分享到:
赞(0) 打赏

评论抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

您的打赏就是我分享的动力!

支付宝扫一扫打赏

微信扫一扫打赏