| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
| <concept id="security_metastore"> |
| |
| <title>Securing the Hive Metastore Database</title> |
| <prolog> |
| <metadata> |
| <data name="Category" value="Impala"/> |
| <data name="Category" value="Hive"/> |
| <data name="Category" value="Security"/> |
| <data name="Category" value="Metastore"/> |
| <data name="Category" value="Databases"/> |
| <data name="Category" value="Administrators"/> |
| </metadata> |
| </prolog> |
| |
| <conbody> |
| |
| <!-- Some of this copied from earlier. Split out both instances into conrefs. --> |
| |
| <p> |
| It is important to secure the Hive metastore, so that users cannot access the names or other information |
| about databases and tables the through the Hive client or by querying the metastore database. Do this by |
| turning on Hive metastore security, using the instructions in |
| <xref keyref="cdh_sg_hive_security"/> for securing different Hive components: |
| </p> |
| |
| <ul> |
| <li> |
| Secure the Hive Metastore. |
| </li> |
| |
| <li> |
| In addition, allow access to the metastore only from the HiveServer2 server, and then disable local access |
| to the HiveServer2 server. |
| </li> |
| </ul> |
| </conbody> |
| </concept> |