Authorization properties for the LOCATION clause
Some configuration properties can be modified after you install Db2 Big SQL to validate your authorization to use the LOCATION clause, or to enforce the requirement that the LOCATION clause can be provided in conjunction with the EXTERNAL clause only. This ensures that the DROP command does not accidentally drop data that does not reside in the distributed file system warehouse directory.
Edit the bigsql-default.xml file under
$BIGSQL_HOME/conf to modify the default settings of the following properties.
The default value of these properties is true. After modifying the
bigsql-default.xml file, stop and then restart Db2 Big SQL.
- bigsql.validate.createtab.location.permissions
- By default, this property means that before the CREATE [EXTERNAL] HADOOP TABLE with the LOCATION
clause can proceed, it first validates that you have one of the following authorizations to use the
LOCATION clause:
- DATAACCESS authority.
- Privileges on the distributed file system files and the directory:
- READ and WRITE privileges on the directory and all files in the directory, including files in any subdirectories that might be recursively specified in the LOCATION clause.
- EXECUTE privileges on all the directories and subdirectories in the specified LOCATION clause.
<property> <name>bigsql.validate.createtab.location.permissions</name> <value>true</value> </property>
- bigsql.validate.droptab.location.permissions
- By default, the DROP TABLE statement on a managed (non-EXTERNAL) Hadoop table with a LOCATION
outside of the distributed file system hive\warehouse directory is restricted
unless
you
are the owner of the table or you have one of the following authorizations to use the LOCATION
clause:
- DATAACCESS authority.
- Privileges on the distributed file system files and the directory:
- READ and WRITE privileges on the directory and all files in the directory, including files in any subdirectories that might be recursively specified in the LOCATION clause.
- EXECUTE privileges on all the directories and subdirectories in the specified LOCATION clause.
<property> <name>bigsql.validate.droptab.location.permissions</name> <value>true</value> </property>
- bigsql.validate.load.srcfile.permissions
- By default, this property means that before the LOAD HADOOP USING FILE statement can proceed, it
first validates that you have one of the following authorizations to use the LOCATION clause:
- DATAACCESS authority.
- Privileges on the distributed file system files and the directory:
- READ privileges on the directory and all files in the directory, including files in any subdirectories that might be recursively specified in the LOCATION clause.
- EXECUTE privileges on all the directories and subdirectories in the specified LOCATION clause.
<property> <name>bigsql.validate.load.srcfile.permissions</name> <value>true</value> </property>
- bigsql.allow.createtab.managed.location
- By default, the CREATE HADOOP TABLE statement with the LOCATION clause is allowed. If you set
the property to 'false', you cannot use the LOCATION clause on the CREATE HADOOP
TABLE statement unless the EXTERNAL keyword is also present. Setting this property to
'false' ensures that Db2 Big SQL cannot delete data that resides outside of the
hive\warehouse
directory.
<property> <name>bigsql.allow.createtab.managed.location</name> <value>true</value> </property>