beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n hive -e "create table db2.t2(id string);"

beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n hive -e "insert into db2.t2 values ('t2_001'),('t2_002');"

0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> use db1;No rows affected (0.173 seconds)0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> show tables;+-----------+| tab_name |+-----------+| t1 |+-----------+1 row selected (0.208 seconds)0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> select * from t1;+---------+| t1.id |+---------+| t1_001 || t1_002 |+---------+2 rows selected (0.294 seconds)

0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> select * from db2.t2;+---------+| t2.id |+---------+| t2_001 || t2_002 |+---------+2 rows selected (0.304 seconds)

3.2 master1,master2节点上创建linux测试用户user1, user2useradd -M -s /sbin/nologin user1

useradd -M -s /sbin/nologin user2

cat /etc/passwd user1:x:1004:1005::/home/user1:/sbin/nologinuser2:x:1005:1006::/home/user2:/sbin/nologin

3.3 hive中创建两个角色，分别授予不同的角色权限//创建角色role1, 授予其对db1的管理权限beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n hive -e "CREATE ROLE role1;"beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n hive -e "grant all on database db1 to role role1 with grant option;"

//创建角色role2, 授予其对db2的管理权限beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n hive -e "CREATE ROLE role2;"beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n hive -e "grant all on database db2 to role role2 with grant option;"

// show grant role role1; (查看role1角色的权限列表)// show grant role role2; (查看role2角色的权限列表)

0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> show grant role role1;+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| db1 | | | | role1 | ROLE | | true | 1583739035000 | -- |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+1 row selected (0.215 seconds)0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> show grant role role2;+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| db2 | | | | role2 | ROLE | | true | 1583739057000 | -- |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+1 row selected (0.119 seconds)0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> show grant role admin;+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| | | | | admin | ROLE | | false | 1583737318000 | -- |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+1 row selected (0.131 seconds)

3.4 管理员用户登陆hive,为两个用户赋予不同的角色beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n hive -e "GRANT ROLE role1 TO GROUP user1;"

beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n hive -e "GRANT ROLE role2 TO GROUP user2;"