vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide/mrs_01_0959.html
Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00

26 lines
4.4 KiB
HTML
Raw Blame History

<a name="mrs_01_0959"></a><a name="mrs_01_0959"></a>
<h1 class="topictitle1">Access Control of a Dynamic Table View on Hive</h1>
<div id="body1590395283418"><div class="section" id="mrs_01_0959__section1540911491102"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_0959__p551217491603">This section describes how to create a view on Hive when <span id="mrs_01_0959__text178923311185">MRS</span> is configured in security mode, authorize access permissions to different users, and specify that different users access different data.</p>
<p id="mrs_01_0959__p1451217491902">In the view, Hive can obtain the built-in function <strong id="mrs_01_0959__b1587513431793">current_user()</strong> of the users who submit tasks on the client and filter the users. This way, authorized users can only access specific data in the view.</p>
<div class="note" id="mrs_01_0959__note441264910018"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_0959__p12512204919011">In normal mode, the<strong id="mrs_01_0959__b1531035215913"> current_user()</strong> function cannot distinguish users who submit tasks on the client. Therefore, the access control function takes effect only for Hive in security mode.</p>
<p id="mrs_01_0959__p151254910015">If the <strong id="mrs_01_0959__b10580115918920">current_user()</strong> function is used in the actual service logic, the possible risks must be fully evaluated during the conversion between the security mode and normal mode.</p>
</div></div>
</div>
<div class="section" id="mrs_01_0959__section194178491307"><h4 class="sectiontitle">Operation Example</h4><ul id="mrs_01_0959__ul145124497017"><li id="mrs_01_0959__li1513144917010">If the current_user function is not used, different views need to be created for different users to access different data.<ul id="mrs_01_0959__ul8513164910015"><li id="mrs_01_0959__li351319495012">Authorize the view <strong id="mrs_01_0959__b1051314493019">v1</strong> permission to user <strong id="mrs_01_0959__b1051394910015">hiveuser1</strong>. The user <strong id="mrs_01_0959__b1513194912012">hiveuser1</strong> can access data with <strong id="mrs_01_0959__b19513149401">type</strong> set to <strong id="mrs_01_0959__b85131498019">hiveuser1</strong> in <strong id="mrs_01_0959__b16513749301">table1</strong>.<p id="mrs_01_0959__p87581125111012"><strong id="mrs_01_0959__b456271391118">create view v1 as select * from table1 where type='hiveuser1'</strong></p>
</li></ul>
<ul id="mrs_01_0959__ul185131649609"><li id="mrs_01_0959__li85135493014">Authorize the view <strong id="mrs_01_0959__b851317491018">v2</strong> permission to user <strong id="mrs_01_0959__b16513149108">hiveuser2</strong>. The user <strong id="mrs_01_0959__b0513144911012">hiveuser2</strong> can access data with <strong id="mrs_01_0959__b105135493016">type</strong> set to <strong id="mrs_01_0959__b1251317492016">hiveuser2</strong> in <strong id="mrs_01_0959__b1551317497017">table1</strong>.<p id="mrs_01_0959__p5381102951017"><strong id="mrs_01_0959__b272717181217">create view v2 as select * from table1 where type='hiveuser2'</strong></p>
</li></ul>
</li></ul>
<ul id="mrs_01_0959__ul1651344919011"><li id="mrs_01_0959__li175131849802">If the current_user function is used, only one view needs to be created.<p id="mrs_01_0959__p11965112031217"><a name="mrs_01_0959__li175131849802"></a><a name="li175131849802"></a>Authorize the view <strong id="mrs_01_0959__b14513204916016">v </strong>permission to users <strong id="mrs_01_0959__b1851364912018">hiveuser1</strong> and <strong id="mrs_01_0959__b05133491905">hiveuser2</strong>. When user <strong id="mrs_01_0959__b5513164916017">hiveuser1</strong> queries view <strong id="mrs_01_0959__b151319491019">v</strong>, the current_user() function is automatically converted to <strong id="mrs_01_0959__b16513649708">hiveuser1</strong>. When user <strong id="mrs_01_0959__b145138491901">hiveuser2</strong> queries view <strong id="mrs_01_0959__b651314911020">v</strong>, the <strong id="mrs_01_0959__b051364919017">current_user()</strong> function is automatically converted to <strong id="mrs_01_0959__b55131491201">hiveuser2</strong>.</p>
<p id="mrs_01_0959__p11541203441015"><strong id="mrs_01_0959__b12965032181217">create view v as select * from table1 where type=current_user()</strong></p>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0581.html">Using Hive</a></div>
</div>
</div>
View Git Blame Copy Permalink