```
0: jdbc:hive2://node1:10000> create role root;
Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : ljr is not allowed to add roles. User has to belong to ADMIN role and have it as current role, for this action. (state=08S01,code=1)
```
![](https://img-blog.csdnimg.cn/da4939cc4dfb4442b9d42717905ccbbc.png)
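For an error caused by user permissions, we know that granting the user the relevant privileges resolves the problem. The puzzling part is: who is the boss that does the granting? The error message shows that the grantor must "belong to ADMIN role and have it as current role" (that is, belong to the super-administrator role and have it set as the current role). The steps below show how to set this up.

Solution:

1. Specify the super administrator in hive-site.xml: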
```bash
vim $HIVE_HOME/conf/hive-site.xml
```

```xml
<!-- Specify the super administrator -->
<property>
  <name>hive.users.in.admin.role</name>
  <value>ljr</value>
</property>
```
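2. Connect to Hive through beeline as user ljr:

```bash
beeline -u jdbc:hive2://node1:10000 -n ljr
```

Run the following statements one by one:

```sql
set hive.users.in.admin.role;
set role admin;
create role root;
```

At this point user ljr has the privilege to create roles. In fact, ljr now holds all the privileges of the Hive super administrator.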
![](https://img-blog.csdnimg.cn/f262500ef91046ec93bb3160e6ed3c2e.png)
For example, before running `set role admin;`, ljr is not permitted to grant privileges on the test database to other users:
```
0: jdbc:hive2://node1:10000> grant all on database test to user root;
Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied: Principal [name=ljr, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant, INSERT with grant, UPDATE with grant, DELETE with grant] on Object [type=DATABASE, name=test]] (state=08S01,code=1)
```
![](https://img-blog.csdnimg.cn/76e73c1480ef4963a8077683a8c3f10a.png)
After the steps above, however, ljr can grant privileges on the test database:
```
0: jdbc:hive2://node1:10000> grant all on database test to user root;
```
![](https://img-blog.csdnimg.cn/c12a110bddda4f5f9f8584843f7e6967.png)
```
0: jdbc:hive2://node1:10000> show grant user root;
```
![](https://img-blog.csdnimg.cn/5c8afd9995f64bb681f019928612dac8.png)
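
Every account named in `hive.users.in.admin.role` can switch to the admin role the way ljr does above, so that list is worth reviewing. The following added example (not part of the original post) parses a hive-site.xml and reports admin bootstrap users outside an approved list; the `approved_admins` allowlist and the second property in the constructed sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from this page plus one related property
# (hive.security.authorization.enabled is assumed here, not shown on the page).
SAMPLE_HIVE_SITE = """<configuration>
  <!-- Specify the super administrator -->
  <property>
    <name>hive.users.in.admin.role</name>
    <value>ljr</value>
  </property>
  <property>
    <name>hive.security.authorization.enabled</name>
    <value>true</value>
  </property>
</configuration>"""


def load_properties(xml_text):
    """Return {name: value} for every <property>; a repeated name keeps the last value."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def admin_bootstrap_users(props):
    """Split the comma-separated hive.users.in.admin.role value into user names."""
    raw = props.get("hive.users.in.admin.role", "")
    return [u.strip() for u in raw.split(",") if u.strip()]


def audit(xml_text, approved_admins):
    """Return findings; approved_admins is a hypothetical site-specific allowlist."""
    props = load_properties(xml_text)
    admins = admin_bootstrap_users(props)
    findings = [f"unapproved admin bootstrap user: {u}"
                for u in admins if u not in approved_admins]
    enabled = props.get("hive.security.authorization.enabled", "false").lower()
    if admins and enabled != "true":
        findings.append("hive.security.authorization.enabled is not true")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HIVE_SITE, approved_admins={"hiveadmin"}):
        print(finding)
```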