doc-exports/docs/mrs/component-operation-guide-lts/mrs_01_0959.html

<a name="mrs_01_0959"></a><a name="mrs_01_0959"></a>

<h1 class="topictitle1">Access Control of a Dynamic Table View on Hive</h1>
<div id="body8662426"><div class="section" id="mrs_01_0959__en-us_topic_0000001219149125_section1540911491102"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_0959__en-us_topic_0000001219149125_p551217491603">This section describes how to create a view on Hive when <span id="mrs_01_0959__en-us_topic_0000001219149125_text178923311185">MRS</span> is configured in security mode, authorize access permissions to different users, and specify that different users access different data.</p>
<p id="mrs_01_0959__en-us_topic_0000001219149125_p1451217491902">In the view, Hive can obtain the built-in function <strong id="mrs_01_0959__en-us_topic_0000001219149125_b1587513431793">current_user()</strong> of the users who submit tasks on the client and filter the users. This way, authorized users can only access specific data in the view.</p>
<div class="note" id="mrs_01_0959__en-us_topic_0000001219149125_note441264910018"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_0959__en-us_topic_0000001219149125_p12512204919011">In normal mode, the<strong id="mrs_01_0959__en-us_topic_0000001219149125_b1531035215913"> current_user()</strong> function cannot distinguish users who submit tasks on the client. Therefore, the access control function takes effect only for Hive in security mode.</p>
<p id="mrs_01_0959__en-us_topic_0000001219149125_p151254910015">If the <strong id="mrs_01_0959__en-us_topic_0000001219149125_b10580115918920">current_user()</strong> function is used in the actual service logic, the possible risks must be fully evaluated during the conversion between the security mode and normal mode.</p>
</div></div>
</div>
<div class="section" id="mrs_01_0959__en-us_topic_0000001219149125_section194178491307"><h4 class="sectiontitle">Operation Example</h4><ul id="mrs_01_0959__en-us_topic_0000001219149125_ul145124497017"><li id="mrs_01_0959__en-us_topic_0000001219149125_li1513144917010">If the current_user function is not used, different views need to be created for different users to access different data.<ul id="mrs_01_0959__en-us_topic_0000001219149125_ul8513164910015"><li id="mrs_01_0959__en-us_topic_0000001219149125_li351319495012">Authorize the view <strong id="mrs_01_0959__en-us_topic_0000001219149125_b1051314493019">v1</strong> permission to user <strong id="mrs_01_0959__en-us_topic_0000001219149125_b1051394910015">hiveuser1</strong>. The user <strong id="mrs_01_0959__en-us_topic_0000001219149125_b1513194912012">hiveuser1</strong> can access data with <strong id="mrs_01_0959__en-us_topic_0000001219149125_b19513149401">type</strong> set to <strong id="mrs_01_0959__en-us_topic_0000001219149125_b85131498019">hiveuser1</strong> in <strong id="mrs_01_0959__en-us_topic_0000001219149125_b16513749301">table1</strong>.<p id="mrs_01_0959__en-us_topic_0000001219149125_p87581125111012"><strong id="mrs_01_0959__en-us_topic_0000001219149125_b456271391118">create view v1 as select * from table1 where type='hiveuser1'</strong></p>
</li></ul>
<ul id="mrs_01_0959__en-us_topic_0000001219149125_ul185131649609"><li id="mrs_01_0959__en-us_topic_0000001219149125_li85135493014">Authorize the view <strong id="mrs_01_0959__en-us_topic_0000001219149125_b851317491018">v2</strong> permission to user <strong id="mrs_01_0959__en-us_topic_0000001219149125_b16513149108">hiveuser2</strong>. The user <strong id="mrs_01_0959__en-us_topic_0000001219149125_b0513144911012">hiveuser2</strong> can access data with <strong id="mrs_01_0959__en-us_topic_0000001219149125_b105135493016">type</strong> set to <strong id="mrs_01_0959__en-us_topic_0000001219149125_b1251317492016">hiveuser2</strong> in <strong id="mrs_01_0959__en-us_topic_0000001219149125_b1551317497017">table1</strong>.<p id="mrs_01_0959__en-us_topic_0000001219149125_p5381102951017"><strong id="mrs_01_0959__en-us_topic_0000001219149125_b272717181217">create view v2 as select * from table1 where type='hiveuser2'</strong></p>
</li></ul>
</li></ul>
<ul id="mrs_01_0959__en-us_topic_0000001219149125_ul1651344919011"><li id="mrs_01_0959__en-us_topic_0000001219149125_li175131849802">If the current_user function is used, only one view needs to be created.<p id="mrs_01_0959__en-us_topic_0000001219149125_p11965112031217"><a name="mrs_01_0959__en-us_topic_0000001219149125_li175131849802"></a><a name="en-us_topic_0000001219149125_li175131849802"></a>Authorize the view <strong id="mrs_01_0959__en-us_topic_0000001219149125_b14513204916016">v </strong>permission to users <strong id="mrs_01_0959__en-us_topic_0000001219149125_b1851364912018">hiveuser1</strong> and <strong id="mrs_01_0959__en-us_topic_0000001219149125_b05133491905">hiveuser2</strong>. When user <strong id="mrs_01_0959__en-us_topic_0000001219149125_b5513164916017">hiveuser1</strong> queries view <strong id="mrs_01_0959__en-us_topic_0000001219149125_b151319491019">v</strong>, the current_user() function is automatically converted to <strong id="mrs_01_0959__en-us_topic_0000001219149125_b16513649708">hiveuser1</strong>. When user <strong id="mrs_01_0959__en-us_topic_0000001219149125_b145138491901">hiveuser2</strong> queries view <strong id="mrs_01_0959__en-us_topic_0000001219149125_b651314911020">v</strong>, the <strong id="mrs_01_0959__en-us_topic_0000001219149125_b051364919017">current_user()</strong> function is automatically converted to <strong id="mrs_01_0959__en-us_topic_0000001219149125_b55131491201">hiveuser2</strong>.</p>
<p id="mrs_01_0959__en-us_topic_0000001219149125_p11541203441015"><strong id="mrs_01_0959__en-us_topic_0000001219149125_b12965032181217">create view v as select * from table1 where type=current_user()</strong></p>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0581.html">Using Hive</a></div>
</div>
</div>