Flink catalog+hive问题

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Flink catalog+hive问题

guaishushu1103@163.com
    在用flink catalog+hive做元数据持久化的时候,发现hive的ACL权限没有起作用,麻烦问下知道的大佬,flink是会直接跳过hive的ACL权限吗?



[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Flink catalog+hive问题

19916726683
spark是可以通过配置来确定是用hive的acl还是用自己的acl,不清楚flink是不是也是这种模式


Original Message
Sender:guaishushu1103@[hidden email]
Recipient:[hidden email]
Date:Wednesday, Dec 23, 2020 15:53
Subject:Flink catalog+hive问题


在用flink catalog+hive做元数据持久化的时候,发现hive的ACL权限没有起作用,麻烦问下知道的大佬,flink是会直接跳过hive的ACL权限吗? [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Flink catalog+hive问题

Rui Li
hive的ACL用的是哪种呢?目前flink没有专门做ACL的对接,只有HMS端storage based authorization [1] 会生效

[1]
https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization#LanguageManualAuthorization-1StorageBasedAuthorizationintheMetastoreServer

On Wed, Dec 23, 2020 at 4:34 PM 19916726683 <[hidden email]> wrote:

> spark是可以通过配置来确定是用hive的acl还是用自己的acl,不清楚flink是不是也是这种模式
>
>
> Original Message
> Sender:guaishushu1103@[hidden email]
> Recipient:[hidden email]
> Date:Wednesday, Dec 23, 2020 15:53
> Subject:Flink catalog+hive问题
>
>
> 在用flink
> catalog+hive做元数据持久化的时候,发现hive的ACL权限没有起作用,麻烦问下知道的大佬,flink是会直接跳过hive的ACL权限吗?
> [hidden email]



--
Best regards!
Rui Li
Reply | Threaded
Open this post in threaded view
|

Re: Flink catalog+hive问题

19916726683
In reply to this post by guaishushu1103@163.com

hive的官网有介绍ACL,如何继承权限关系。源码在Hive-> HDFSUtils类中 核心代码应该是上面的这点。

 Original Message 
Sender: Rui Li<[hidden email]>
Recipient: user-zh<[hidden email]>
Date: Wednesday, Dec 23, 2020 19:41
Subject: Re: Flink catalog+hive问题

hive的ACL用的是哪种呢?目前flink没有专门做ACL的对接,只有HMS端storage based authorization [1] 会生效

[1]
https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization#LanguageManualAuthorization-1StorageBasedAuthorizationintheMetastoreServer

On Wed, Dec 23, 2020 at 4:34 PM 19916726683 <[hidden email]> wrote:

> spark是可以通过配置来确定是用hive的acl还是用自己的acl,不清楚flink是不是也是这种模式
>
>
> Original Message
> Sender:[hidden email]@163.com
> Recipient:[hidden email]
> Date:Wednesday, Dec 23, 2020 15:53
> Subject:Flink catalog+hive问题
>
>
> 在用flink
> catalog+hive做元数据持久化的时候,发现hive的ACL权限没有起作用,麻烦问下知道的大佬,flink是会直接跳过hive的ACL权限吗?
> [hidden email]



-- 
Best regards!
Rui Li
Reply | Threaded
Open this post in threaded view
|

Re: Flink catalog+hive问题

r pp
gmail  可能有些不兼容,看不到截图

19916726683 <[hidden email]> 于2020年12月24日周四 上午10:51写道:

> hive的官网有介绍ACL,如何继承权限关系。源码在Hive-> HDFSUtils类中 核心代码应该是上面的这点。
>
>  Original Message
> *Sender:* Rui Li<[hidden email]>
> *Recipient:* user-zh<[hidden email]>
> *Date:* Wednesday, Dec 23, 2020 19:41
> *Subject:* Re: Flink catalog+hive问题
>
> hive的ACL用的是哪种呢?目前flink没有专门做ACL的对接,只有HMS端storage based authorization [1] 会生效
>
> [1]https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization#LanguageManualAuthorization-1StorageBasedAuthorizationintheMetastoreServer
>
> On Wed, Dec 23, 2020 at 4:34 PM 19916726683 <[hidden email]> wrote:
>
> > spark是可以通过配置来确定是用hive的acl还是用自己的acl,不清楚flink是不是也是这种模式
> >
> >
> > Original Message
> > Sender:guaishushu1103@[hidden email]
> > Recipient:[hidden email]
> > Date:Wednesday, Dec 23, 2020 15:53
> > Subject:Flink catalog+hive问题
> >
> >
> > 在用flink
> > catalog+hive做元数据持久化的时候,发现hive的ACL权限没有起作用,麻烦问下知道的大佬,flink是会直接跳过hive的ACL权限吗?
> > [hidden email]
>
>
>
> --
> Best regards!
> Rui Li
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Flink catalog+hive问题

Rui Li
In reply to this post by 19916726683
Hello,

你贴的图看不到了。可以贴一下参考的官网链接。hive至少支持三种不同的authorization模式,flink目前对接hive时只有用storage
based authorization会生效。

On Thu, Dec 24, 2020 at 10:51 AM 19916726683 <[hidden email]> wrote:

> hive的官网有介绍ACL,如何继承权限关系。源码在Hive-> HDFSUtils类中 核心代码应该是上面的这点。
>
>  Original Message
> *Sender:* Rui Li<[hidden email]>
> *Recipient:* user-zh<[hidden email]>
> *Date:* Wednesday, Dec 23, 2020 19:41
> *Subject:* Re: Flink catalog+hive问题
>
> hive的ACL用的是哪种呢?目前flink没有专门做ACL的对接,只有HMS端storage based authorization [1] 会生效
>
> [1]https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization#LanguageManualAuthorization-1StorageBasedAuthorizationintheMetastoreServer
>
> On Wed, Dec 23, 2020 at 4:34 PM 19916726683 <[hidden email]> wrote:
>
> > spark是可以通过配置来确定是用hive的acl还是用自己的acl,不清楚flink是不是也是这种模式
> >
> >
> > Original Message
> > Sender:guaishushu1103@[hidden email]
> > Recipient:[hidden email]
> > Date:Wednesday, Dec 23, 2020 15:53
> > Subject:Flink catalog+hive问题
> >
> >
> > 在用flink
> > catalog+hive做元数据持久化的时候,发现hive的ACL权限没有起作用,麻烦问下知道的大佬,flink是会直接跳过hive的ACL权限吗?
> > [hidden email]
>
>
>
> --
> Best regards!
> Rui Li
>
>

--
Best regards!
Rui Li
Reply | Threaded
Open this post in threaded view
|

Re: Flink catalog+hive问题

19916726683
In reply to this post by guaishushu1103@163.com
可以参考下这个
https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html
贴的代码是org.apache.hadoop.hive.io.HdfsUtils 的setFullFileStatus 方法
Original Message
Sender:Rui [hidden email]
Recipient:[hidden email]
Date:Thursday, Dec 24, 2020 11:33
Subject:Re: Flink catalog+hive问题


Hello, 你贴的图看不到了。可以贴一下参考的官网链接。hive至少支持三种不同的authorization模式,flink目前对接hive时只有用storage based authorization会生效。 On Thu, Dec 24, 2020 at 10:51 AM 19916726683 [hidden email] wrote:  hive的官网有介绍ACL,如何继承权限关系。源码在Hive- HDFSUtils类中 核心代码应该是上面的这点。   Original Message  *Sender:* Rui [hidden email]  *Recipient:* [hidden email]  *Date:* Wednesday, Dec 23, 2020 19:41  *Subject:* Re: Flink catalog+hive问题   hive的ACL用的是哪种呢?目前flink没有专门做ACL的对接,只有HMS端storage based authorization [1] 会生效   [1]https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization#LanguageManualAuthorization-1StorageBasedAuthorizationintheMetastoreServer   On Wed, Dec 23, 2020 at 4:34 PM 19916726683 [hidden email] wrote:    spark是可以通过配置来确定是用hive的acl还是用自己的acl,不清楚flink是不是也是这种模式       Original Message   Sender:guaishushu1103@[hidden email]   Recipient:[hidden email]   Date:Wednesday, Dec 23, 2020 15:53   Subject:Flink catalog+hive问题       在用flink   catalog+hive做元数据持久化的时候,发现hive的ACL权限没有起作用,麻烦问下知道的大佬,flink是会直接跳过hive的ACL权限吗?   [hidden email]     --  Best regards!  Rui Li   -- Best regards! Rui Li
Reply | Threaded
Open this post in threaded view
|

Re: Flink catalog+hive问题

Rui Li
Hi,

你贴的是HDFS的权限控制,那应该就是基于storage的了。可以在HMS端开启验证,这样HiveCatalog去连接HMS的时候会生效。开启方式参考官网:
https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server

On Thu, Dec 24, 2020 at 2:14 PM 19916726683 <[hidden email]> wrote:

> 可以参考下这个
>
> https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html
> 贴的代码是org.apache.hadoop.hive.io.HdfsUtils 的setFullFileStatus 方法
> Original Message
> Sender:Rui [hidden email]
> Recipient:[hidden email]
> Date:Thursday, Dec 24, 2020 11:33
> Subject:Re: Flink catalog+hive问题
>
>
> Hello,
> 你贴的图看不到了。可以贴一下参考的官网链接。hive至少支持三种不同的authorization模式,flink目前对接hive时只有用storage
> based authorization会生效。 On Thu, Dec 24, 2020 at 10:51 AM 19916726683
> [hidden email] wrote:  hive的官网有介绍ACL,如何继承权限关系。源码在Hive- HDFSUtils类中
> 核心代码应该是上面的这点。   Original Message  *Sender:* Rui [hidden email]
> *Recipient:* [hidden email]  *Date:* Wednesday, Dec 23,
> 2020 19:41  *Subject:* Re: Flink catalog+hive问题
>  hive的ACL用的是哪种呢?目前flink没有专门做ACL的对接,只有HMS端storage based authorization [1]
> 会生效   [1]
> https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization#LanguageManualAuthorization-1StorageBasedAuthorizationintheMetastoreServer
>  On Wed, Dec 23, 2020 at 4:34 PM 19916726683 [hidden email] wrote:
>   spark是可以通过配置来确定是用hive的acl还是用自己的acl,不清楚flink是不是也是这种模式       Original
> Message   Sender:guaishushu1103@[hidden email]
> Recipient:[hidden email]   Date:Wednesday, Dec 23,
> 2020 15:53   Subject:Flink catalog+hive问题       在用flink
>  catalog+hive做元数据持久化的时候,发现hive的ACL权限没有起作用,麻烦问下知道的大佬,flink是会直接跳过hive的ACL权限吗?
>  [hidden email]     --  Best regards!  Rui Li   -- Best regards!
> Rui Li



--
Best regards!
Rui Li
Reply | Threaded
Open this post in threaded view
|

Flink catalog+hive问题

guaishushu1103@163.com
In reply to this post by 19916726683
在用flink   catalog+hive做元数据持久化的时候还存在几个问题
1. DDL的字段信息都在properties中导致字段无法增删改,只能重新建表;
2. 生成的表没有owner信息;
3. HMS的权限对于Flink + hive并没有作用,无权限也可以直接引用表;



[hidden email]
 
发件人: 19916726683
发送时间: 2020-12-24 13:59
收件人: user-zh
主题: Re: Flink catalog+hive问题
可以参考下这个
https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html
贴的代码是org.apache.hadoop.hive.io.HdfsUtils 的setFullFileStatus 方法
Original Message
Sender:Rui [hidden email]
Recipient:[hidden email]
Date:Thursday, Dec 24, 2020 11:33
Subject:Re: Flink catalog+hive问题
 
 
Hello, 你贴的图看不到了。可以贴一下参考的官网链接。hive至少支持三种不同的authorization模式,flink目前对接hive时只有用storage based authorization会生效。 On Thu, Dec 24, 2020 at 10:51 AM 19916726683 [hidden email] wrote:  hive的官网有介绍ACL,如何继承权限关系。源码在Hive- HDFSUtils类中 核心代码应该是上面的这点。   Original Message  *Sender:* Rui [hidden email]  *Recipient:* [hidden email]  *Date:* Wednesday, Dec 23, 2020 19:41  *Subject:* Re: Flink catalog+hive问题   hive的ACL用的是哪种呢?目前flink没有专门做ACL的对接,只有HMS端storage based authorization [1] 会生效   [1]https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization#LanguageManualAuthorization-1StorageBasedAuthorizationintheMetastoreServer   On Wed, Dec 23, 2020 at 4:34 PM 19916726683 [hidden email] wrote:    spark是可以通过配置来确定是用hive的acl还是用自己的acl,不清楚flink是不是也是这种模式       Original Message   Sender:guaishushu1103@[hidden email]   Recipient:[hidden email]   Date:Wednesday, Dec 23, 2020 15:53   Subject:Flink catalog+hive问题       在用flink   catalog+hive做元数据持久化的时候,发现hive的ACL权限没有起作用,麻烦问下知道的大佬,flink是会直接跳过hive的ACL权限吗?   [hidden email]     --  Best regards!  Rui Li   -- Best regards! Rui Li