09-26-2016 02:56 AM
I have enabled Sentry to work with HiveServer2, and impersonation on HiveServer2 is turned off.
And my fair-scheduler.xml also has the rule <rule name="specified" create="true">.
That means if I submit a job as user_a via beeline, the job will be executed by the HIVE user and in the resource pool "root.users.user_a".
The issue is:
We configured Dynamic Resource Manager pools, setting up 3 queues (e.g. q_a, q_b, q_c) for 3 different groups of users, just for running Hive jobs.
But the job will be executed by the HIVE user, and the resource pool ACL controls which queue the "user who executes the job" can access. That means all users who can submit Hive jobs can also use a command like "set mapreduce.job.queuename=xxx" to switch to any queue that "user hive" can access. That makes the ACL useless.
Is there a way to control which users can submit to specific resource pools in HIVE in non-impersonation mode?