SQL standards-based authorization is the best way of authorizing Hive. This approach is widely used to restrict the access of data to only authorized users so that no malicious user can destroy anything by accessing the data. This authorization model is fully compliant with SQL authorization model. The grant and revoke statements are used to provide or remove the access to particular resources to users.

In order to implement the security using this model, all the queries must be served through HiveServer2 only. To interact with HiveServer2, any HiveServer2 clients (described in the Using HiveServer2 clients recipe of Chapter 2, Services in Hive) can be used. Beeline is a client that is commonly used to interact with HiveServer2 in place of HiveCLI. For a highly secure environment, it is very important to restrict the direct access of users to HDFS commands, Hive CLI, and Pig commands.

There are five primary types of privileges: