Sentry Metadata Read Protection for Hive is an improvement that makes Sentry support policy enforcement for metadata reads.

When commands such as "show tables" and "show databases" are called, the result is filtered according to the user's privileges in Sentry.

For example:

There are 3 tables in database db1: table1, table2, table3

User1 has the "select" privilege for table1.

When User1 executes "show tables" for db1, only table1 is returned; table2 and table3 are removed from the result according to User1's privileges in Sentry.

HiveServer2 (hive-site.xml)

| Config Property | Value | Description | Default |
|---|---|---|---|
| hive.metastore.rawstore.impl | org.apache.sentry.binding.metastore.AuthorizingObjectStore | Name of the class that implements the org.apache.hadoop.hive.metastore.rawstore interface. This class is used for storage and retrieval of raw metadata objects such as tables and databases. | org.apache.hadoop.hive.metastore.ObjectStore |
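
A simplified Python model of the filtering described above, added here as an illustration; it is not Sentry's or Hive's own code. The two class names mirror the hive.metastore.rawstore.impl values in the table; the method names, the db2 database, the grant data, and the rule that a database is listed only when one of its tables is visible are assumptions.

```python
# Simplified model (added example, not Sentry or Hive code).

# Constructed sample metadata: database -> tables, matching the db1 example.
METADATA = {"db1": ["table1", "table2", "table3"], "db2": ["orders"]}

# Constructed grants: user -> {(database, table): set of privileges}.
GRANTS = {"User1": {("db1", "table1"): {"select"}}}


class ObjectStore:
    """Stands in for the default raw store: returns metadata unfiltered."""

    def __init__(self, metadata):
        self._metadata = metadata

    def get_databases(self, user):
        return sorted(self._metadata)

    def get_tables(self, user, db):
        return list(self._metadata.get(db, []))


class AuthorizingObjectStore(ObjectStore):
    """Stands in for the Sentry store: filters results by the caller's grants."""

    def __init__(self, metadata, grants):
        super().__init__(metadata)
        self._grants = grants

    def _has_privilege(self, user, db, table):
        # Any non-empty privilege set on the table makes its name visible.
        return bool(self._grants.get(user, {}).get((db, table)))

    def get_tables(self, user, db):
        return [t for t in super().get_tables(user, db)
                if self._has_privilege(user, db, t)]

    def get_databases(self, user):
        # Assumption: a database is listed if the user can see a table in it.
        return [d for d in super().get_databases(user)
                if self.get_tables(user, d)]


def show_tables(store, user, db):
    return store.get_tables(user, db)


def show_databases(store, user):
    return store.get_databases(user)
```

With the default store, User1 still learns the names of table2 and table3 even though no privilege was granted on them; with the authorizing store, only table1 is listed.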