| Security Features | Implications |
|---|
| No additional security features | - All use the Hadoop user to access Hive.
- No security is applied.
|
- Kerberos authentication
- No secure impersonation
| - authenticate with the user keytab for all requests to Hive.
- If you receive an error when attempting to contact Hive, authentication likely failed due to a configuration error. Please contact your .
|
- Kerberos authentication
- Secure impersonation
| - authenticate with the user keytab and then send proxying requests on behalf of the user's Hadoop principal.
- If you receive an error when attempting to contact Hive, authentication likely failed due to a configuration error. Please contact your .
- Hive is responsible for respecting proxy permissions, with the
hive user itself proxying as proxying as the user's Hadoop principal.
|
- Kerberos authentication
- Secure authentication
- Sentry role-based access (Cloudera only)
- Ranger role-based access (Hortonworks only)
| - authenticate with the user keytab and then send proxying requests on behalf of the user's Hadoop principal.
- If you receive an error when attempting to contact Hive, authentication likely failed due to a configuration error. Please contact your .
- Hive executes access to the physical data file on HDFS as the Unix or LDAP user
hive, which should be part of the group .
|
- Sentry role-based access (Cloudera only)
| - Hive authorizes access with a Sentry lookaside. The user as well as the user's Hadoop principal should be configured with appropriate privileges and roles in Sentry.
|
- Kerberos authentication
- No secure authentication
- Sentry role-based access (Cloudera only)Ranger role-based access (Hortonworks only)
| - authenticate with the user keytab.
- If you receive an error when attempting to contact Hive, authentication likely failed due to a configuration error. Please contact your .
- Hive executes access to the physical data file on HDFS as the Unix or LDAP user
hive , which should be part of the group .
|
