折腾了3天终于把hue集成sentry研究明白了
安装Sentry
启动Sentry,首先要安装:
1. 安装sentry服务;
2. 在hive中搜索sentry service,点选Sentry;同时需要关掉hive的imperson;
3. 设置sentry.hive.testing.mode;如果不配置,执行sql语句在HUE中报错(java中通过jdbc访问直接返回NULL):Errorwhile compiling statement: FAILED: InvalidConfigurationExceptionhive.server2.authentication can't be none in non-testing mode
配置方式:
在hive的配置中搜索“Service-Wide advanced”,会有很多,看说明如下列:
“Hive Service Advanced Configuration Snippet (Safety Valve) forsentry-site.xml”
然后在value中添加
<property>
<name>sentry.hive.testing.mode</name>
<value>true</value>
</property>
创建角色
Error while compiling statement: FAILED: SemanticException No validprivileges User hive does not have privileges for SWITCHDATABASE The requiredprivileges:Server=server1->Db=*->Table=+->Column=*->action=select;Server=server1->Db=*->Table=+->Column=*->action=insert;
当你通过beeline以及!connectjdbc:hive2://localhost:10000/ hive hive进入到hive命令行之后,通过show roles可以发现当前没有角色;没有角色就没有权限;下面的SQL语句就是为hive用户赋予了管理员权限;GRANT ALL就是讲所有的权限赋予了admin角色,然后将hive用户和admin角色绑定。
root@bigdata-148024:~#beeline
JavaHotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=512M; supportwas removed in 8.0
JavaHotSpot(TM) 64-Bit Server VM warning: Using incremental CMS is deprecated andwill likely be removed in a future release
JavaHotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=512M; supportwas removed in 8.0
Beelineversion 1.1.0-cdh5.12.2 by Apache Hive
beeline>!connectjdbc:hive2://10.32.14.24:10000/default
Connectingto jdbc:hive2://10.32.14.24:10000/default
Enterusername for jdbc:hive2://10.32.14.24:10000/default: hive
Enterpassword for jdbc:hive2://10.32.14.24:10000/default: ****
Connectedto: Apache Hive (version 1.1.0-cdh5.12.2)
Create role admin;
GRANT ALL ON SERVER server1 TO ROLE admin WITHGRANT OPTION;
GRANT ROLE admin TO GROUP hive;
GRANT ROLEadmin TO GROUP default; ---hue的组是default