package com.lxw.hive;
import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.AbstractSemanticAnalyzerHook;
import org.apache.hadoop.hive.ql.parse.HiveParser;
import org.apache.hadoop.hive.ql.parse.HiveSemanticAnalyzerHookContext;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.session.SessionState;
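/**
 * Semantic-analyzer hook that lets only the admin user ("lxw") run
 * database create/drop, role create/drop and GRANT/REVOKE statements.
 *
 * <p>The check runs in {@link #preAnalyze}: for the statement types listed in
 * {@link #isAdminOnlyStatement(int)} the name reported by the session's
 * authenticator is compared with the admin name, and the statement is rejected
 * with a {@link SemanticException} when they differ. Every other statement
 * type passes through unchanged.
 *
 * <p>NOTE(review): this is a hook configured through
 * {@code hive.semantic.analyzer.hook}; it only restricts users who cannot
 * change that property for their own session. Confirm the property is locked
 * down in the deployment (for HiveServer2, e.g. via
 * {@code hive.conf.restricted.list}) and do not treat the hook as a
 * replacement for metastore- or storage-level authorization.
 */
public class MyAuthHook extends AbstractSemanticAnalyzerHook {

    /** Name of the only user allowed to run the admin-only statements. */
    private static final String ADMIN = "lxw";

    /**
     * Rejects admin-only statements issued by anyone other than the admin user.
     *
     * @param context hook context supplied by Hive (not used here)
     * @param ast     root node of the parsed statement
     * @return {@code ast}, unmodified
     * @throws SemanticException if the statement is admin-only and the current
     *                           user is not the admin (or cannot be determined)
     */
    @Override
    public ASTNode preAnalyze(HiveSemanticAnalyzerHookContext context,
            ASTNode ast) throws SemanticException {
        if (isAdminOnlyStatement(ast.getToken().getType())) {
            String userName = currentUserName();
            // A null user name never matches, so a missing session or
            // authenticator fails closed.
            // NOTE(review): the comparison ignores case, so any account whose
            // name differs from the admin's only by case is accepted too.
            // Confirm that is intended for the authenticator in use; an exact
            // equals() is the stricter choice.
            if (!ADMIN.equalsIgnoreCase(userName)) {
                throw new SemanticException(userName
                        + " can't use ADMIN options, except " + ADMIN + ".");
            }
        }
        return ast;
    }

    /**
     * Tells whether a root token type belongs to the admin-only statements.
     * This is a fixed list: statement types not named here are not restricted
     * by the hook.
     */
    private static boolean isAdminOnlyStatement(int tokenType) {
        switch (tokenType) {
            case HiveParser.TOK_CREATEDATABASE:
            case HiveParser.TOK_DROPDATABASE:
            case HiveParser.TOK_CREATEROLE:
            case HiveParser.TOK_DROPROLE:
            case HiveParser.TOK_GRANT:
            case HiveParser.TOK_REVOKE:
            case HiveParser.TOK_GRANT_ROLE:
            case HiveParser.TOK_REVOKE_ROLE:
                return true;
            default:
                return false;
        }
    }

    /**
     * Returns the user name from the current session's authenticator, or
     * {@code null} when there is no session or no authenticator.
     */
    private static String currentUserName() {
        SessionState session = SessionState.get();
        if (session == null || session.getAuthenticator() == null) {
            return null;
        }
        return session.getAuthenticator().getUserName();
    }
}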
将上面的类打包成jar,放到$HIVE_HOME/lib目录下;
修改hive-site.xml,加入以下配置(注意:只有当用户无法在自己的会话中改写hive.semantic.analyzer.hook时,该钩子才能起到限制作用,部署时请确认该参数不可被会话覆盖):
<property>
<name>hive.semantic.analyzer.hook</name>
<value>com.lxw.hive.MyAuthHook</value>
</property>
运行结果(以lxw2用户执行):
hive> drop database lxw2;
FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.
hive> create database lxw3;
FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.
hive> grant select on database lxw2 to user lxw2;
FAILED: Error in semantic analysis: lxw2 can't use ADMIN options, except lxw.