hive - Hive 通过 hive.security.authorization.createtable.role.grants 撤销授权错误（基于 SQL 标准的 Hive 授权）

问题描述

如何通过 hive.security.authorization.createtable.role.grants 撤销授权？

环境：

主机 172.31.10.119

端口 50033

版本 apache-hive-2.3.5-bin

数据库工具

蜂巢站点.xml

    <property> 
     <name>hive.security.authorization.createtable.role.grants</name>
     <value>da:select;</value> 
    </property>
    <property> 
     <name>hive.users.in.admin.role</name>
     <value>root,tools </value> 
    </property>

1. 启动 hiveserver2

   /opt/hive/hive-bin/bin/hiveserver2 --hiveconf hive.server2.thrift.port=50033 --hiveconf hive.server2.webui.port=10003

2. 创建表

/opt/hive/hive-bin/bin/beeline -u jdbc:hive2://172.31.10.119:50033 -n tools

use tools;

create table test1 as select * from tools.test99 limit 10;

show grant on table tools.test1;

+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
    | database  |    table     | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |   grant_time   | grantor  |
    +-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
    | tools     | test1  |            |         | da        | ROLE            | SELECT     | true          | 1565061852000  | tools    |
    +-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+

2. 撤销对角色 da 的选择

set role damin;

revoke select on table tools.test1 from role da;

3. 错误日志

失败：执行错误，从 org.apache.hadoop.hive.ql.exec.DDLTask 返回代码 1。在工具授予的对象 [type=TABLE_OR_VIEW, name=tools.test1] 上找不到主体 [name=da, type=ROLE] 的特权 Privilege [name=SELECT, columns=null]

标签： hive