Actually I wonder how this is working; the set_ugi implementation on the Hive metastore server side is like adding the user information to the session, and there is no additional impersonation or authentication implemented. Before we talk about how these authorization modes work, it’s important we know about Hive’s major use cases: 1. The sample is based on Starburst 343-e open source distribution, Cloudera CDH 5.7.0 and RHEL 7 … Presto supports querying and manipulating Hive tables with the Avro storage format, which has the schema set based on an Avro schema file/literal. The Presto machine has a hive.properties file, which tells Presto to use a Thrift connection to the Hive client, and hdfs-site.xml and core-site.xml files for HDFS. There are mainly four modes for authorization in Hive: storage based authorization in the metastore server, SQL standards based authorization in HiveServer2, Apache Ranger and Sentry, and the legacy mode. Hive uses the MapReduce concept for query execution, which makes it relatively slow compared to Cloudera Impala, Spark or Presto. CREATE ROLE role WITH ADMIN is not supported. To use this plugin, add an etc/access-control.properties file containing two required properties: access-control.name, which must be equal to file, and security.config-file, which must be equal to File Based System Access Control. However, the access control policy is different from SQL standards based authorization, and they are not compatible. See File Based Authorization for details. Authorization checks are enforced using a config file specified by the Hive configuration property security.config-file. Use of this mode is also supported for Hive command line users. Since Presto’s ROLE syntax support matches the SQL standard, and Hive does not exactly follow the SQL standard, there are the following limitations and differences:
Impala is developed and shipped by Cloudera. Kerberos authentication with a keytab is applied to access HDFS and the Hive metastore. It is also possible to create tables in Presto which infer the schema from a valid Avro schema file located locally or remotely in HDFS/Web server. Presto uses the Hive metastore to discover schemas and tables in the underlying data files and runs its own query engine. As far as Impala is concerned, it is also a SQL query engine that is designed on top of Hadoop. Users are permitted to perform the operations as long as they have the required privileges as per the SQL standard. Keytab files must be distributed to every node in the cluster that runs Presto. SQL Standard Based Authorization. Hive Pros: Hive Cons: 1). Hive is an open-source engine with a vast community: 1). ... Presto authenticates hive.hdfs.presto.principal using the keytab specified by hive.hdfs.presto.keytab. This plugin allows you to specify access control rules in a file. It is a stable query engine: 2). This feature allows controlling access to catalogs, sessions and schemas in an easy-to-use way. However, for reasons mentioned under the discussion of SQL standards based authorization (above), it is not a secure mode of authorization for the Hive command line. ... HiveServer2 is using the Ranger Hive plugin and, in order to secure the metastore, it is also recommended to turn on storage-based authorization. When sql-standard security is enabled, Presto enforces the same SQL standard based authorization as Hive does. sql-standard. This allows using a file-based approach to managing access to Presto objects vs. something like Apache Ranger. Improving on this functionality, we’ve added LDAP authorization for users and groups.
Spark, Hive, Impala and Presto are SQL based engines.