Detailed Usage and Test Document for Hive Permissions with Sentry (3)
- Author: 谢昕芙 Category: Computer Technology Published: 2021-07-10 16:56:00
// show role grant group user1 (view user1's role list)
// show role grant group user2 (view user2's role list)
0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> show role grant group user1;
+--------+---------------+-------------+----------+
| role   | grant_option  | grant_time  | grantor  |
+--------+---------------+-------------+----------+
| role1  | false         | 0           | --       |
+--------+---------------+-------------+----------+
1 row selected (0.144 seconds)
0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> show role grant group user2;
+--------+---------------+-------------+----------+
| role   | grant_option  | grant_time  | grantor  |
+--------+---------------+-------------+----------+
| role2  | false         | 0           | --       |
+--------+---------------+-------------+----------+
1 row selected (0.125 seconds)
4 Log in as user1 and user2 to verify permission isolation
// Log in as user1: only the db1 database is visible
beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n user1 -e "show databases;"
// Log in as user2: only the db2 database is visible
beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n user2 -e "show databases;"
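The isolation check in step 4, automated as an added example (not code from the original post): it parses captured beeline table output and compares the databases each user can list with an allow-list. The sample captures, the allow-lists and the function names are constructed for illustration.

```python
"""Added example: verify Sentry isolation from captured beeline output."""

# Constructed sample captures, modelled on the beeline tables shown on this page.
ROLE_GRANT_USER1 = """\
+--------+---------------+-------------+----------+
| role   | grant_option  | grant_time  | grantor  |
+--------+---------------+-------------+----------+
| role1  | false         | 0           | --       |
+--------+---------------+-------------+----------+
1 row selected (0.144 seconds)
"""
DBS_USER1 = "+----------------+\n| database_name  |\n+----------------+\n| db1            |\n+----------------+\n"
DBS_USER2 = "+----------------+\n| database_name  |\n+----------------+\n| db2            |\n| temp           |\n+----------------+\n"


def parse_beeline_table(text):
    """Turn beeline's ASCII table into a list of dicts keyed by column name."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        # Header and data rows are wrapped in '|'; borders and status lines are skipped.
        if line.startswith("|") and line.endswith("|"):
            rows.append([cell.strip() for cell in line[1:-1].split("|")])
    if not rows:
        return []
    header, data = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in data if len(row) == len(header)]


def check_isolation(user, databases_output, allowed):
    """Compare the databases a user can list with the allow-list for that user."""
    visible = {row["database_name"] for row in parse_beeline_table(databases_output)}
    return {"user": user,
            "unexpected": sorted(visible - allowed),   # visible but not approved
            "missing": sorted(allowed - visible)}      # approved but not visible


def roles_with_grant_option(role_grant_output):
    """Roles whose grant_option column is true in 'show role grant group' output."""
    return [r["role"] for r in parse_beeline_table(role_grant_output)
            if r["grant_option"].lower() == "true"]


if __name__ == "__main__":
    print(check_isolation("user1", DBS_USER1, {"db1"}))
    print(check_isolation("user2", DBS_USER2, {"db2"}))  # flags 'temp'
    print(roles_with_grant_option(ROLE_GRANT_USER1))
```

Feed it the saved output of the two `beeline ... -e "show databases;"` commands above; a non-empty `unexpected` list means a role has picked up access beyond what was intended for that user.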
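- Other usage tests
5.1 Remove a role from a group
REVOKE ROLE role1 FROM GROUP user1;
Delete a role
// First view the list of roles
show roles;
// Delete the role
drop role role2;
Revoke privileges from a role
// First view the role's current grants
show grant role role1;
// Revoke the privileges on db1 from role1
revoke all on database db1 from role role1;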
Authorization statement reference:
Granting and revoking roles
GRANT ROLE role_name [, role_name] TO GROUP
Granting and revoking privileges
GRANT
Viewing role/group privileges
SHOW ROLES;
SHOW CURRENT ROLES;
SHOW ROLE GRANT GROUP
View all roles
0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> show roles;
+--------+
| role   |
+--------+
| admin  |
| role1  |
| role2  |
+--------+
3 rows selected (0.12 seconds)
# Grant read privilege on a database to a role
GRANT SELECT ON DATABASE db_name TO ROLE role_name;
# Grant read privilege on column s1 of table test to role_name (the TABLE keyword may be omitted)
GRANT SELECT(s1) ON TABLE test TO ROLE role_name;
# Grant the select privilege on table test to the role role_name
GRANT SELECT ON TABLE test TO ROLE role_name;
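Example:
There are currently 2 users
user1 // has all privileges on table t1 in db1
user2 // has all privileges on table t2 in db2
Current roles
+--------+
| role   |
+--------+
| admin  | // highest privilege (all) on every database
| role1  | // all privileges on db1 only
| role2  | // all privileges on db2 only
+--------+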
0: jdbc:hive2://uhadoop-4wvgxxla-master2:1000> show databases;
+------------------------+
| database_name          |
+------------------------+
| db1                    |
| db2                    |
| default                |
| temp                   |
| test_hive_ucloud10086  |
+------------------------+
[hadoop@uhadoop-4wvgxxla-master1 ~]$ beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n user2 -e "select * from db2.t2;"
Transaction isolation: TRANSACTION_REPEATABLE_READ
+---------+
| t2.id   |
+---------+
| t2_001  |
| t2_002  |
+---------+
2 rows selected (0.631 seconds)
Beeline version 2.3.3 by Apache Hive
[hadoop@uhadoop-4wvgxxla-master1 ~]$ beeline -u "jdbc:hive2://uhadoop-4wvgxxla-master2:10000" -n user2 -e "insert into db2.t2 values ('t2_003'),('t2_004');"
Connected to: Apache Hive (version 2.3.3)
Driver: Hive JDBC (version 2.3.3)
Transaction isolation: TRANSACTION_REPEATABLE_READ
No rows affected (25.708 seconds)
Query again: OK, the insert succeeded
Transaction isolation: TRANSACTION_REPEATABLE_READ
+---------+
| t2.id   |
+---------+
| t2_001  |
| t2_002  |
| t2_003  |
| t2_004  |
+---------+
4 rows selected (0.605 seconds)
Beeline version 2.3.3 by Apache Hive
Closing: 0: jdbc:hive2://uhadoop-4wvgxxla-master2:10000
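Next, I have a requirement: I want to open up the student table in temp to user2. First, role2, the role that user2 maps to, needs the select privilege on the temp database. Then grant the select privilege on the student table in temp to role2. Since user2 belongs to role2, user2 then has the select privilege on the student table in temp.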