Using Qubole Hive Authorization¶
Understanding Qubole Hive Authorization describes Hive authorization, privileges, and known issues. Hive Authorization is not enabled in QDS by default. To enable it for your account, create a Qubole Support ticket.
Once Qubole has enabled Hive Authorization in your account, QDS sets
and adds it to Hive’s
This prevents users from bypassing Hive authorization when they run a query. If you later want to change the setting of
hive.security.authorization.enabled at the cluster level, you can do so in the QDS UI: set it in the
Override Hive Configuration field in the Hive Settings section under the Advanced Configuration tab of a
Hadoop (Hive) cluster, then restart the cluster. To change the setting at the account level,
create a Qubole support ticket.
- To use Hive tables, use <username>@<emaildomain.com> as the login username;
for example, if your username is
user1, log in as
firstname.lastname@example.org. The default password is empty.
- QDS Hive has two users, user and admin as in open-source Hive, and two default roles, public and admin.
- The admin user can create custom roles in addition to the default roles (for example, a role called finance).
- As an admin, you can grant these roles to users.
- The admin can also grant privileges to users as described in Understanding Privileges for Users and Roles. For example, you can
INSERTprivilege to the finance role for the
- You can set
hive.qubole.authz.strict.show.tables=trueas a Hadoop override on the Cluster page of the QDS UI, to allow users to see only tables they have
SELECTaccess to when they run