欢迎来到天天文库
浏览记录
ID:42562059
大小:24.01 KB
页数:6页
时间:2019-09-17
《hive+senrty 权限命令(beeline)》由会员上传分享,免费在线阅读,更多相关内容在教育资源-天天文库。
1、Column-levelAuthorizationThefollowingcommandgrantsarolethe SELECT privilegeonacolumn:GRANTSELECT(column_name)ONTABLEtable_nameTOROLErole_name;Thefollowingcommandcanbeusedtorevokethe SELECT privilegeonacolumn:REVOKESELECT(column_name)ONTABLEtable_nameFROMROLErole_name;Anynewcolumnsaddedtoat
2、ablewillbeinaccessiblebydefault,untilexplicitlygrantedaccess.ActionsallowedforuserswithSELECTprivilegeonacolumn:Userswhoseroleshavebeengrantedthe SELECT privilegeoncolumnsonly,canperformoperationswhichexplicitlyrefertothosecolumns.Someexamplesare:·SELECTcolumn_nameFROMTABLEtable_name;Inthi
3、scase,Sentrywillfirstchecktoseeiftheuserhastherequiredprivilegestoaccessthetable.Itwillthenfurtherchecktoseewhethertheuserhasthe SELECTprivilegetoaccessthecolumn(s).·SELECTCOUNT(column_name)FROMTABLEtable_name;Usersarealsoallowedtousethe COUNT functiontoreturnthenumberofvaluesinthecolumn.·
4、SELECTcolumn_nameFROMTABLEtable_nameWHEREcolumn_nameGROUPBYcolumn_name;Theabovecommandwillworkaslongasyoureferonlytocolumnstowhichyoualreadyhaveaccess.·Tolistthecolumn(s)towhichthecurrentuserhas SELECT access:SHOWCOLUMNS;Exceptions:·Ifauserhas SELECT accesstoallcolumnsinatable,th
5、efollowingcommandwillwork.Notethatthisisanexception,notthenorm.Inallothercases, SELECT onallcolumnsdoes not allowyoutoperformtable-leveloperations.SELECT*FROMTABLEtable_name;·The DESCRIBE tablecommanddiffersfromtheothers,inthatitdoesnotfilteroutcolumnsforwhichtheuserdoesnothave SELECT acce
6、ss.DESCRIBE(table_name);Limitations:·Column-levelprivilegescanonlybeappliedtotablesandpartitions,notviews.·HDFS-SentrySync: WithHDFS-Sentrysyncenabled,evenifauserhasbeengrantedaccesstoallcolumnsofatable,theywillnothaveaccesstothecorrespondingHDFSdatafiles.ThisisbecauseSentrydoesnotconsider
7、 SELECT onallcolumnsequivalenttoexplicitlybeinggranted SELECT onthetable.·Column-levelaccesscontrolforaccessfromSparkSQLisnotsupportedbytheHDFS-Sentryplug-in.CREATEROLEStatementThe CREATEROLE statementcreatesaroletowhichprivilegescanbegranted.Privilegescanbegr
此文档下载收益归作者所有