https://community.cloudera.com/t5/Support-Questions/How-to-manage-Hive-warehouse-HDFS-directory-permission/m-p/189272#M151365 <P>One approach you can take is to enable Hive impersonation - set ‘hive.server2.enable.doAs=false’ in Hive Configs, which will give permissions of the Hive related HDFS folders to the ‘hive’ user, and other users wouldn’t be able to access HDFS files directly. </P><P>In your case, I assume you have doAs set to true, the user running the Hive query requires to have permissions defined for both HDFS and Hive in Ranger, which can be an issue if you have too many tables, as all your tables are managed under the hive/warehouse directory rather than user’s home folders, and for each table you will need to grant user permissions via HDFS policy in Ranger to the table location for the specific tables.</P><P>Even you have ‘doAs’ set to true, you will still be able to see the actual user in Ranger Audit logs, and it’s just the HDFS related tasks will run as the ‘hive’ user.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="20489-ambari-scregionde.png" style="width: 1007px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/18579i6BA4A7C7900905BD/image-size/medium?v=v2&amp;px=400" role="button" title="20489-ambari-scregionde.png" alt="20489-ambari-scregionde.png" /></span></P> Sun, 18 Aug 2019 07:45:29 GMT dsun 2019-08-18T07:45:29Z