vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide-lts/mrs_01_1940.html
Yang, Tong 3f5759eed2 MRS comp-lts 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2023-01-19 17:08:45 +00:00

126 lines
15 KiB
HTML
Raw Blame History

<a name="mrs_01_1940"></a><a name="mrs_01_1940"></a>
<h1 class="topictitle1">Configuring the Client and Server</h1>
<div id="body8662426"><div class="p" id="mrs_01_1940__en-us_topic_0000001219029423_abc4e49e2c0df4237901d5ce08088b919">This section describes how to configure SparkSQL permission management functions (client configuration is similar to server configuration). To enable table permission, add following configurations on the client and server:<ul id="mrs_01_1940__en-us_topic_0000001219029423_u47c83664029948f98715a46d81f5e455"><li id="mrs_01_1940__en-us_topic_0000001219029423_lc0453bd1332245b694c9aebbd4db865a"><strong id="mrs_01_1940__en-us_topic_0000001219029423_b11821142311366">spark-defaults.conf</strong> configuration file
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1940__en-us_topic_0000001219029423_tc89cf03b09054627b5997336dcfcf919" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description (1)</caption><thead align="left"><tr id="mrs_01_1940__en-us_topic_0000001219029423_r8375d5f1812f422dacf4a68928d37536"><th align="left" class="cellrowborder" valign="top" width="22.99%" id="mcps1.3.1.1.1.2.2.4.1.1"><p id="mrs_01_1940__en-us_topic_0000001219029423_a8fd158ed36e34010bb41d3d6abd8a0e6"><strong id="mrs_01_1940__en-us_topic_0000001219029423_aba6660101ace47899dade479aaaa6551">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="63.980000000000004%" id="mcps1.3.1.1.1.2.2.4.1.2"><p id="mrs_01_1940__en-us_topic_0000001219029423_a6aa7da946b2a4a83806652873d32f10d"><strong id="mrs_01_1940__en-us_topic_0000001219029423_ad04810c132a149598a360dffcdfd8ce2">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="13.03%" id="mcps1.3.1.1.1.2.2.4.1.3"><p id="mrs_01_1940__en-us_topic_0000001219029423_ae3a08b16fd3c405684a85c67bd6eebf0"><strong id="mrs_01_1940__en-us_topic_0000001219029423_abf4e62e09d2642008bcd279f8283f0d9">Default Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1940__en-us_topic_0000001219029423_r34a9613a9891449c951d921bc076199e"><td class="cellrowborder" valign="top" width="22.99%" headers="mcps1.3.1.1.1.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a68d92bcfb6f349e585381f71e152a8f0">spark.sql.authorization.enabled</p>
</td>
<td class="cellrowborder" valign="top" width="63.980000000000004%" headers="mcps1.3.1.1.1.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_ad020014dd01f433d942e7ed738bc1f70">Specifies whether to enable permission authentication of the datasource statement. It is recommended that the parameter value be set to <strong id="mrs_01_1940__en-us_topic_0000001219029423_b8768195481366">true</strong> to enable permission authentication.</p>
</td>
<td class="cellrowborder" valign="top" width="13.03%" headers="mcps1.3.1.1.1.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a5a191081bb554953b8ca27ddb4b781c0">true</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="mrs_01_1940__en-us_topic_0000001219029423_l25721db74b054813a2afcf45ff8b3f3b"><strong id="mrs_01_1940__en-us_topic_0000001219029423_b19085671791366">hive-site.xml</strong> configuration file
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1940__en-us_topic_0000001219029423_t2c384fbc85b7463d8bee88b95fe0bda6" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameter description (2)</caption><thead align="left"><tr id="mrs_01_1940__en-us_topic_0000001219029423_rcb83e88ecf074eeeb271ad8f6f2a30f9"><th align="left" class="cellrowborder" valign="top" width="19.36%" id="mcps1.3.1.1.2.2.2.4.1.1"><p id="mrs_01_1940__en-us_topic_0000001219029423_aff1fc95828ad4df3aecab02216b9555e"><strong id="mrs_01_1940__en-us_topic_0000001219029423_a3f559ff229a146e99d3e0db7619a3d07">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="64.47%" id="mcps1.3.1.1.2.2.2.4.1.2"><p id="mrs_01_1940__en-us_topic_0000001219029423_ab30f0ce16e654d9398d4dd8fc848b95c"><strong id="mrs_01_1940__en-us_topic_0000001219029423_aaf7dbd86357e4851988f5e25e8f26703">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.17%" id="mcps1.3.1.1.2.2.2.4.1.3"><p id="mrs_01_1940__en-us_topic_0000001219029423_a40edfc8e0acf429e8c5cde120d706e1c"><strong id="mrs_01_1940__en-us_topic_0000001219029423_a45497a16e5894db9b7bb6d19eb03a892">Default Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1940__en-us_topic_0000001219029423_r61d2e44fee8b4a11a04d2c298cf03e8a"><td class="cellrowborder" valign="top" width="19.36%" headers="mcps1.3.1.1.2.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a85403229454f4e11a18e909416f6eb47">hive.metastore.uris</p>
</td>
<td class="cellrowborder" valign="top" width="64.47%" headers="mcps1.3.1.1.2.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_aa5aaf013fe06407cb03afebf1d49a41e">Specifies the MetaStore service address of the Hive component, for example, <strong id="mrs_01_1940__en-us_topic_0000001219029423_b14849990481366">thrift://10.10.169.84:21088,thrift://10.10.81.37:21088</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="16.17%" headers="mcps1.3.1.1.2.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a49e887bbe2984518a2a60b386daccd4a">-</p>
</td>
</tr>
<tr id="mrs_01_1940__en-us_topic_0000001219029423_rcdca8e04535243baa1ac6609f48d67a1"><td class="cellrowborder" valign="top" width="19.36%" headers="mcps1.3.1.1.2.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a5ece0bb299334d69a6f9a7cf59191eef">hive.metastore.sasl.enabled</p>
</td>
<td class="cellrowborder" valign="top" width="64.47%" headers="mcps1.3.1.1.2.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a604118b67a4a4ad9a38df8d06060bfd6">Specifies whether the MetaStore service uses SASL to improve security. The table permission function must be enabled.</p>
</td>
<td class="cellrowborder" valign="top" width="16.17%" headers="mcps1.3.1.1.2.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a11d66174006044c7b6dcc1de2fc75b1d">true</p>
</td>
</tr>
<tr id="mrs_01_1940__en-us_topic_0000001219029423_r1dd0470c21864b40a4206a337be5f2f2"><td class="cellrowborder" valign="top" width="19.36%" headers="mcps1.3.1.1.2.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_acb32046508f44bcea9dcb1998c4f2d9f">hive.metastore.kerberos.principal</p>
</td>
<td class="cellrowborder" valign="top" width="64.47%" headers="mcps1.3.1.1.2.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a52201932d73d4c9dbe65be04a0767f16">Specifies the principal of the MetaStore service in the Hive component, for example, <strong id="mrs_01_1940__en-us_topic_0000001219029423_b16887207611366">hive/hadoop.</strong>&lt;<em id="mrs_01_1940__en-us_topic_0000001219029423_i6993699491366">system domain name</em>&gt;@&lt;<em id="mrs_01_1940__en-us_topic_0000001219029423_i18023128041366">system domain name</em>&gt;.</p>
</td>
<td class="cellrowborder" valign="top" width="16.17%" headers="mcps1.3.1.1.2.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a8c98699c90a2475dbefbcede3f294eaf">hive-metastore/_HOST@EXAMPLE.COM</p>
</td>
</tr>
<tr id="mrs_01_1940__en-us_topic_0000001219029423_rd49c9232ba5f41cd9e0d611c94111902"><td class="cellrowborder" valign="top" width="19.36%" headers="mcps1.3.1.1.2.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_ada8be045d8e54358b2563d16194962a9">hive.metastore.thrift.sasl.qop</p>
</td>
<td class="cellrowborder" valign="top" width="64.47%" headers="mcps1.3.1.1.2.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_ac1a2bd18cfa145418c0f40a91f958ace">After the SparkSQL permission management function is enabled, set the parameter to <span class="parmvalue" id="mrs_01_1940__en-us_topic_0000001219029423_pec17bd62550e4253bb329b7b6d0980ad"><b>auth-conf</b></span>.</p>
</td>
<td class="cellrowborder" valign="top" width="16.17%" headers="mcps1.3.1.1.2.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_ab6636877495f4fda83cb24676f13f369">auth-conf</p>
</td>
</tr>
<tr id="mrs_01_1940__en-us_topic_0000001219029423_r62745f92eb1e4b9d9dba0bc9a4867f75"><td class="cellrowborder" valign="top" width="19.36%" headers="mcps1.3.1.1.2.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a1a287ff12a094fcf95ef013eed1bcda6">hive.metastore.token.signature</p>
</td>
<td class="cellrowborder" valign="top" width="64.47%" headers="mcps1.3.1.1.2.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a4527c436fbc64e1f97cbf602530c1b75">Specifies the token identifier of the MetaStore service, which is set to <span class="parmvalue" id="mrs_01_1940__en-us_topic_0000001219029423_pd922a42460974342aafe3a1d989ad8ab"><b>HiveServer2ImpersonationToken</b></span>.</p>
</td>
<td class="cellrowborder" valign="top" width="16.17%" headers="mcps1.3.1.1.2.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a76d6be82f95c4d7eaca8c6fb11d70f2e">HiveServer2ImpersonationToken</p>
</td>
</tr>
<tr id="mrs_01_1940__en-us_topic_0000001219029423_red57d4c24da049bc82a822cf66dcdf1b"><td class="cellrowborder" valign="top" width="19.36%" headers="mcps1.3.1.1.2.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a68813814d49a42c89c59aeaaf29e2376">hive.security.authenticator.manager</p>
</td>
<td class="cellrowborder" valign="top" width="64.47%" headers="mcps1.3.1.1.2.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_af0288fb4058c4a79912fffdf8be90195">Specifies the manager authenticated by the Hive client, which is set to <span class="parmvalue" id="mrs_01_1940__en-us_topic_0000001219029423_p982a8b1504cf44d09f81654bd46dc8b4"><b>org.apache.hadoop.hive.ql.security.SessionStateUserGroupAuthenticator</b></span>.</p>
</td>
<td class="cellrowborder" valign="top" width="16.17%" headers="mcps1.3.1.1.2.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a75556fdd3b31457f9f669202025101e9">org.apache.hadoop.hive.ql.security.SessionStateUserMSGroupAuthenticator</p>
</td>
</tr>
<tr id="mrs_01_1940__en-us_topic_0000001219029423_r83cacb198c6448bc9f334a92f9cbd9f8"><td class="cellrowborder" valign="top" width="19.36%" headers="mcps1.3.1.1.2.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a3fabfc5a35a044759abe26e9f81e0d38">hive.security.authorization.enabled</p>
</td>
<td class="cellrowborder" valign="top" width="64.47%" headers="mcps1.3.1.1.2.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_ac2dbeb35f24a48c082ee8a9b740df7f0">Specifies whether to enable client authentication, which is set to <span class="parmvalue" id="mrs_01_1940__en-us_topic_0000001219029423_pac0e153d096a4a5598949f4dcd3a5b36"><b>true</b></span>.</p>
</td>
<td class="cellrowborder" valign="top" width="16.17%" headers="mcps1.3.1.1.2.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a60158e2d9859453b94c02abedf62680f">true</p>
</td>
</tr>
<tr id="mrs_01_1940__en-us_topic_0000001219029423_rf0ee3e5268c6476b8bf0efc38eaeb24f"><td class="cellrowborder" valign="top" width="19.36%" headers="mcps1.3.1.1.2.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_aa1d27dc4e4884122a7adfb778aac7944">hive.security.authorization.createtable.owner.grants</p>
</td>
<td class="cellrowborder" valign="top" width="64.47%" headers="mcps1.3.1.1.2.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_aa8bdfbf491744530acf6a88a69e264f6">Specifies which permissions are granted to the owner who creates the table, which is set to <span class="parmvalue" id="mrs_01_1940__en-us_topic_0000001219029423_p49722dab5b2d4354a5bbca03a429147c"><b>ALL</b></span>.</p>
</td>
<td class="cellrowborder" valign="top" width="16.17%" headers="mcps1.3.1.1.2.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_ab70dca57cdc64e1da1ede154b9f2179a">ALL</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="mrs_01_1940__en-us_topic_0000001219029423_l5b713271f9cd40c4a063bda3f4a41277"><strong id="mrs_01_1940__en-us_topic_0000001219029423_b6178390671366">core-site.xml</strong> configuration file of the MetaStore service
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1940__en-us_topic_0000001219029423_t12d4701e856947c48166b492cab53af0" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Parameter description (3)</caption><thead align="left"><tr id="mrs_01_1940__en-us_topic_0000001219029423_r291b893ca2d34b2c81ffdf8f03d35aee"><th align="left" class="cellrowborder" valign="top" width="25.25%" id="mcps1.3.1.1.3.2.2.4.1.1"><p id="mrs_01_1940__en-us_topic_0000001219029423_a087ebecb17344d17a37401c8070e7606"><strong id="mrs_01_1940__en-us_topic_0000001219029423_a3ff327f889b3418386b5d9ca1fc7277b">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="59.650000000000006%" id="mcps1.3.1.1.3.2.2.4.1.2"><p id="mrs_01_1940__en-us_topic_0000001219029423_a4b5f6974aa104373b39bcdc356624546"><strong id="mrs_01_1940__en-us_topic_0000001219029423_acd19632ccbc941c8964bd54bbb17f8b5">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="15.1%" id="mcps1.3.1.1.3.2.2.4.1.3"><p id="mrs_01_1940__en-us_topic_0000001219029423_af789f1b0d6ba48f5bf7589bfcebc73ad"><strong id="mrs_01_1940__en-us_topic_0000001219029423_a7eeaed1a65814ecd98e6231972e32759">Default Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1940__en-us_topic_0000001219029423_ra0b2a69aa4c646a08c7ad8351c5bcf0a"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.1.1.3.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_aefa32f5381b1449fb7a6f25fd8d11603">hadoop.proxyuser.spark.hosts</p>
</td>
<td class="cellrowborder" valign="top" width="59.650000000000006%" headers="mcps1.3.1.1.3.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a9f651d6b3d59499db99ebfb0a752e90a">Specifies the hosts from which Spark users can be masqueraded, which is set to <strong id="mrs_01_1940__en-us_topic_0000001219029423_b6400189291366">*</strong>, indicating all hosts.</p>
</td>
<td class="cellrowborder" valign="top" width="15.1%" headers="mcps1.3.1.1.3.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_ade89ff2abd464cfaaba50553ec52b52a">-</p>
</td>
</tr>
<tr id="mrs_01_1940__en-us_topic_0000001219029423_rf13d6535db104e908a11a759ac3aac26"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.1.1.3.2.2.4.1.1 "><p id="mrs_01_1940__en-us_topic_0000001219029423_aaca5f53f0e4c4480abcd8ea581fdf24d">hadoop.proxyuser.spark.groups</p>
</td>
<td class="cellrowborder" valign="top" width="59.650000000000006%" headers="mcps1.3.1.1.3.2.2.4.1.2 "><p id="mrs_01_1940__en-us_topic_0000001219029423_aefae623f14ee47dab1ee8a42e57c1ae3">Specifies the user groups from which Spark users can be masqueraded, which is set to <strong id="mrs_01_1940__en-us_topic_0000001219029423_b8428509591366">*</strong>, indicating all user groups.</p>
</td>
<td class="cellrowborder" valign="top" width="15.1%" headers="mcps1.3.1.1.3.2.2.4.1.3 "><p id="mrs_01_1940__en-us_topic_0000001219029423_a5117aba4706f4d5cb87ab18ecb9aa0e7">-</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1935.html">SparkSQL Permission Management(Security Mode)</a></div>
</div>
</div>
View Git Blame Copy Permalink