投稿
  1. 云图网首页
  2. 技术专区
  3. 大数据

apache_sentry详解大数据

大数据

Hadoop 权限

Sentry

Hive

  • beeline连接Hive

    beeline> !connect jdbc:hive2://datanode03:10000/default  
scan complete in 1ms 
Connecting to jdbc:hive2://datanode03:10000/default 
Enter username for jdbc:hive2://datanode03:10000/default: hive 
Enter password for jdbc:hive2://datanode03:10000/default: ****

    用户名和密码:hive/hive

     GRANT ALL ON DATABASE db3 TO ROLE etl;

  • 修改 hive-site.xml文件,关掉 HiveServer2 impersonation

  • 创建用户并赋权

     jdbc:hive2://10.205.58.36:10000> CREATE ROLE admin; 
 jdbc:hive2://10.205.58.36:10000> GRANT ROLE admin TO GROUP hive; 
 jdbc:hive2://10.205.58.36:10000> GRANT ALL ON server SentryHostname to role admin; 
 jdbc:hive2://10.205.58.36:10000>  
 jdbc:hive2://10.205.58.36:10000> CREATE ROLE etl;  
 jdbc:hive2://10.205.58.36:10000> GRANT ROLE etl TO GROUP etl; 
 jdbc:hive2://10.205.58.36:10000>GRANT SELECT ON DATABASE app TO ROLE etl;GRANT SELECT ON DATABASE web TO ROLE etl; 
......
    [databases] 
 
# Defines the location of the per DB policy file for the customers DB/schema 
 
 
#db1 = hdfs://cdh1:8020/user/hive/sentry/db1.ini 
 
 
[groups] 
admin = any_operation 
hive = any_operation 
test = select_filtered 
 
[roles] 
any_operation = server=server1->db=*->table=*->action=* 
select_filtered = server=server1->db=filtered->table=*->action=SELECT 
select_us = server=server1->db=filtered->table=events_usonly->action=SELECT 
 
[users] 
test = test 
hive= hive 
 
$ hdfs dfs -rm -r /user/hive/sentry/sentry-provider.ini 
$ hdfs dfs -put /tmp/sentry-provider.ini /user/hive/sentry/ 
$ hdfs dfs -chown hive:hive /user/hive/sentry/sentry-provider.ini 
$ hdfs dfs -chmod 640 /user/hive/sentry/sentry-provider.ini

Hive SQL Syntax for Use with Sentry

  • 创建和删除角色

    • 创建角色: create role ROLE_NAME
    • 删除角色: droop role ROLE_NAME

  • 角色的授权和撤销

    GRANT ROLE role_name [, role_name] TO GROUP <groupName> [,GROUP <groupName>] 
REVOKE ROLE role_name [, role_name] FROM GROUP <groupName> [,GROUP <groupName>]

  • 权限的授予和撤销

    GRANT <PRIVILEGE> [, <PRIVILEGE> ] ON <OBJECT> <object_name> TO ROLE <roleName> [,ROLE <roleName>] 
REVOKE <PRIVILEGE> [, <PRIVILEGE> ] ON <OBJECT> <object_name> FROM ROLE <roleName> [,ROLE <roleName>]

  • 查看角色/组权限

    SHOW ROLES; 
SHOW CURRENT ROLES; 
SHOW ROLE GRANT GROUP <groupName>; 
SHOW GRANT ROLE <roleName>; 
SHOW GRANT ROLE <roleName> on OBJECT <objectName>;

Hbase权限控制

  • HBase grant permission
HBase shell Commands Description
grant ‘boopathi’, ‘RW’, ‘table’ User with this permission can manage data on the specified table only.
grant ‘boopathi’, ‘RW’, ‘namespace:table’ Granting permission Read and Write permission for user on table, which is present inside namespace. Here you will not give prefix with namesapce.
grant ‘boopathi’, ‘RWCA’, Grant permission for user boopathi on specified ‘namespace’ only. In this case user can perform all operation on the given namespace.
grant ‘boopathi’, ‘RWCA’ Grant permission for user ‘boopathi’ with all access globally.
grant , ‘RWXC’, Grant permission for groups on specified namespace.
grant , ‘RWXC’ Grant permission for groups here. It will be easy to manage, in case of groups. This is given on global scope.
grant , ‘RW’, ‘namespace:table’ Grant permission for group on table in namespace.
  • HBase get permission details
HBase shell Commands Description
user_permission List all the user and the permission on the global scope.
user_permission List all the user in the specified namespace.
user_permission ‘namespace:table’ List all users, who have permissions on the table in the namespace
user_permission ‘table’ List all the users, who have permission on the table.

- HBase Revoke Access

HBase shell Commands Description
revoke ‘boopathi’ Revoke all the access of the user on the global level.
revoke ‘boopathi’, ‘table’ Revoke all the access of the user on the table he has.
revoke ‘boopathi’, Revoke permissions on the specified namespace level.
revoke ‘boopathi’, ‘namespace:table’ Revoke permission on table in namespace.

异常信息

  • can't be none in non-testing mode

    • 异常信息

      Error: Error while compiling statement: FAILED: InvalidConfigurationException hive.server2.authentication can't be none in non-testing mode (state=42000,code=40000)

    • 解决方式

      <property> 
  <name>sentry.hive.testing.mode</name> 
  <value>true</value> 
</property>

参考资料

hive

hbase

原创文章,作者:奋斗,如若转载,请注明出处:https://blog.ytso.com/tech/bigdata/9555.html

(0)
0 0
上一篇 2021年7月19日 11:20
下一篇 2021年7月19日 11:20

相关推荐

发表回复

登录后才能评论