Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Zeppelin user impersonation for Hive?

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎11-14-2016 03:56 PM

Is there any capabilities to hive zeppelin notebook run hive query based on user id on zeppelin session? right know the jdbc interrupter needs username and password for hive. That means all users will run as user defined in interpreter settings. I can't have this due to security issues, ie having all users access hive tables via single user id. I have ranger enabled to provide security based on user id. Livy is for spark so that is unusable for hive. any insights?

4,202 Views
1 ACCEPTED SOLUTION

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎11-14-2016 04:00 PM

I found how to do it








Identity Propagation with JDBC (Hive)


1.Enable
Authentication via Shiro
Config


–zeppelin.jdbc.auth.type
= KERBEROS


–zeppelin.jdbc.principal
=
principal value


–zeppelin.jdbc.keytab.location
=
keytab
location


•JDBC
Interpreter will add end-user as 

jdbc:hive2://HiveHost:10000/default;principal=hive/_HOST@MY-REALM.COM;hive.server2.proxy.user=<$USER_NAME>

View solution in original post

3,229 Views
3 REPLIES 3

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎11-14-2016 04:00 PM

I found how to do it








Identity Propagation with JDBC (Hive)


1.Enable
Authentication via Shiro
Config


–zeppelin.jdbc.auth.type
= KERBEROS


–zeppelin.jdbc.principal
=
principal value


–zeppelin.jdbc.keytab.location
=
keytab
location


•JDBC
Interpreter will add end-user as 

jdbc:hive2://HiveHost:10000/default;principal=hive/_HOST@MY-REALM.COM;hive.server2.proxy.user=<$USER_NAME>
3,230 Views

avatar
author-rank amcbarnett
Guru

Created ‎02-04-2017 10:48 PM

@Sunile Manjee

Can you clearly state what you entered for zeppelin.jdbc.principal? Is this the Hive Principal or the Zeppelin Principal with Key tab. Also what exactly is in the URL for the JDBC Interpreter? Just: 

jdbc:hive2://HiveHost:10000/default;principal=hive/_HOST@MY-REALM.COM

Finally, did you have to copy the Hive JDBC Jars or create softlinks to Zeppelin 

/usr/hdp/current/zeppelin-server/interpreter/jdbc
3,229 Views
0 Kudos

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎02-06-2017 02:50 AM

@Ancil McBarnett its been a while since I have tried it. here is the information:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_zeppelin-component-guide/content/zeppeli...

3,229 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements