prestodb / presto

The official home of the Presto distributed SQL query engine for big data
http://prestodb.io
Apache License 2.0

presto impersonate a simple user on non-kerberos/non-hdfs hivemetastore setup? #9265

Closed tooptoop4 closed 4 years ago

tooptoop4 commented 6 years ago

Apache Drill allows user impersonation like below; does Presto allow something similar? I.e., hostA runs hive, mysql, hivemetastore, ranger. Hive is run on the Linux file system of hostA, not HDFS. hostB runs Presto. Ranger allows certain users to view certain tables in hive. Can Presto 'login' to the metastore as various hive users, or just as the unix user running presto-cli? Assume not all hive users have unix accounts.

```json
{
  "type": "hive",
  "enabled": true,
  "configProps": {
    "hive.metastore.uris": "thrift://host:9083",
    "javax.jdo.option.ConnectionURL": "jdbc:mysql://host:3306/metastore",
    "javax.jdo.option.ConnectionDriverName": "com.mysql.jdbc.Driver",
    "javax.jdo.option.ConnectionUserName": "bill",
    "javax.jdo.option.ConnectionPassword": "pass",
    "hive.metastore.warehouse.dir": "file:///home/ec2-user/warehouse",
    "fs.default.name": "file:///"
  }
}
```

electrum commented 6 years ago

If you set hive.security=sql-standard, the Hive connector will perform authorization checks against the metastore using the privileges defined in the metastore.

electrum commented 6 years ago

See https://prestodb.io/docs/current/connector/hive-security.html
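As an added example (not from the thread or from the Presto project), this is what the setting electrum describes looks like in a Hive catalog file on the Presto host. The file path and the `hive-hadoop2` connector name are assumptions; the metastore URI is copied from the Drill config in the question.

```properties
# etc/catalog/hive.properties on hostB (assumed path; constructed example)
connector.name=hive-hadoop2

# Same Thrift endpoint as "hive.metastore.uris" in the Drill config above.
# No metastore user name or password is configured here.
hive.metastore.uri=thrift://host:9083

# Default mode: few authorization checks are enforced by the connector.
# hive.security=legacy

# Check each statement against the privileges stored in the metastore.
# The identity checked is the Presto session user (for example the name
# given with presto-cli --user), not a separate login to the metastore.
hive.security=sql-standard
```

With this mode the checks are only as trustworthy as the session user name, so the coordinator needs its own client authentication if users must not be able to pick an arbitrary name.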

tooptoop4 commented 6 years ago

What user will Presto use to connect to hive? How do you pass in a hive user/password to Presto? Especially if hive is using an unkerberized Linux filesystem, not hdfs/s3.

electrum commented 6 years ago

Unless you’re using Kerberos, there is no user or authentication for the metastore.

leolorenzoluis commented 6 years ago

@electrum What needs to be done in order to support plain user authentication to the metastore?

arhimondr commented 6 years ago

@leolorenzoluis I have never heard about plain authentication for the Metastore. As far as I know, the only option is Kerberos authentication. Could you please point to the plain authentication documentation?

leolorenzoluis commented 6 years ago

@arhimondr I mean impersonation. https://prestodb.io/docs/current/connector/hive-security.html

Impersonation Accessing the Hive Metastore

Presto does not currently support impersonating the end user when accessing the Hive metastore.

The client doesn't have Kerberos. They only use service accounts to authenticate in their Hive. Therefore, we need to do impersonation from Presto. Do you think there is a better way?

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had any activity in the last 2 years. If you feel that this issue is important, just comment and the stale tag will be removed; otherwise it will be closed in 7 days. This is an attempt to ensure that our open issues remain valuable and relevant so that we can keep track of what needs to be done and prioritize the right things.