Understanding Hive Authorization Use Cases

Table Storage Layer and SQL Query Engine are the two primary use cases for client-based authorization protection, delivered as part of the open source project.

Use Case 1: Table Storage Layer

This is the use case for Hive HCatalog API users.

In this case, Hive provides a table abstraction and metadata for files on storage (typically MapR file system). You have direct access to MapR file system and the metastore server (which provides an API for metadata access).

MapR file system access is authorized through the use of MapR file system permissions. You need to authorize metadata access using Hive configuration.

Use Case 2: SQL Query Engine

This is one of the most common use cases of Hive. This is the "Hive view" of SQL users and BI tools. This use case has the following two subcategories:
  • Hive command line users - You have direct access to MapR file system and the Hive metastore, which makes this use case similar to use case 1.
  • ODBC/JDBC and other HiveServer2 API users (Beeline CLI is an example) - You have all data or metadata access through HiveServer2. You do not have direct access to MapR file system or the metastore.