
This article gives an example of how 'grant'/'revoke' works when the Hive plugin is enabled with Ranger in CDP.

A user who is 'admin' in Ranger can manage access to Hive tables via 'grant'/'revoke' operations.

In Ranger UI > Settings > Users and Groups > Users

Note: User 'hive' is in role 'Admin'

[Screenshot: ranger.png]

In beeline, log in as user 'hive'. Run the grant command to give select privileges on a table:

0: jdbc:hive2://a.b.c.co> grant select on table mix to user mugdha;
INFO  : Compiling command(queryId=hive_20211021024819_c3de84a7-a312-4a1f-9a8d-8b328cced054): grant select on table mix to user mugdha
INFO  : Semantic Analysis Completed (retrial = false)
INFO  : Created Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=hive_20211021024819_c3de84a7-a312-4a1f-9a8d-8b328cced054); Time taken: 0.022 seconds
INFO  : Executing command(queryId=hive_20211021024819_c3de84a7-a312-4a1f-9a8d-8b328cced054): grant select on table mix to user mugdha
INFO  : Starting task [Stage-0:DDL] in serial mode
INFO  : Completed executing command(queryId=hive_20211021024819_c3de84a7-a312-4a1f-9a8d-8b328cced054); Time taken: 0.548 seconds
INFO  : OK
No rows affected (0.634 seconds)

In Ranger, that command creates a new policy:

[Screenshot: new policy.png]

Similarly, running 'revoke' removes user 'mugdha' from the policy:

0: jdbc:hive2://a.b.c.co> revoke select on table mix from user mugdha;
INFO  : Compiling command(queryId=hive_20211021025423_cdf81a8a-df0d-4c40-9509-f4325d3ba112): revoke select on table mix from user mugdha
INFO  : Semantic Analysis Completed (retrial = false)
INFO  : Created Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=hive_20211021025423_cdf81a8a-df0d-4c40-9509-f4325d3ba112); Time taken: 0.032 seconds
INFO  : Executing command(queryId=hive_20211021025423_cdf81a8a-df0d-4c40-9509-f4325d3ba112): revoke select on table mix from user mugdha
INFO  : Starting task [Stage-0:DDL] in serial mode
INFO  : Completed executing command(queryId=hive_20211021025423_cdf81a8a-df0d-4c40-9509-f4325d3ba112); Time taken: 0.274 seconds
INFO  : OK
No rows affected (0.323 seconds)

[Screenshot: revoke.png]

This works the same way in HDP; see "Provide User Access to Hive Database Tables from the Command Line".
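
To confirm what a grant or revoke like the ones above actually changed, you can compare Ranger policy exports taken before and after the command. The following is an added example, not part of the original article or of Ranger itself; it assumes the policies are available as Ranger policy JSON, and the sample policy (its name and the 'default' database) is constructed. It reads only user entries in allow items, so groups, roles and deny items are not evaluated.

```python
import copy
import fnmatch
import json

# Constructed, simplified Ranger Hive policy export (not from the article's cluster).
# The policy name and the "default" database are assumptions.
AFTER_GRANT = json.loads("""
[{"name": "example-grant-policy", "isEnabled": true,
  "resources": {"database": {"values": ["default"]},
                "table": {"values": ["mix"]},
                "column": {"values": ["*"]}},
  "policyItems": [{"users": ["mugdha"], "groups": [], "delegateAdmin": false,
                   "accesses": [{"type": "select", "isAllowed": true}]}]}]
""")
# Constructed "after revoke" state: same policy, user removed from the item.
AFTER_REVOKE = copy.deepcopy(AFTER_GRANT)
AFTER_REVOKE[0]["policyItems"][0]["users"] = []


def _matches(resource, name):
    """True if name matches the resource values (* and ? wildcards, isExcludes)."""
    resource = resource or {}
    hit = any(fnmatch.fnmatchcase(name.lower(), v.lower())
              for v in resource.get("values", []))
    return hit != bool(resource.get("isExcludes", False))


def users_with_access(policies, database, table, access="select"):
    """Sorted users that enabled allow items give `access` on database.table."""
    users = set()
    for policy in policies:
        res = policy.get("resources", {})
        if not policy.get("isEnabled", True) or "table" not in res:
            continue  # skip disabled policies and non-table (UDF, URL) policies
        if not (_matches(res.get("database"), database)
                and _matches(res["table"], table)):
            continue
        for item in policy.get("policyItems", []):
            granted = {a["type"] for a in item.get("accesses", [])
                       if a.get("isAllowed", True)}
            if access in granted or "all" in granted:
                users.update(item.get("users", []))
    return sorted(users)


def access_diff(before, after, database, table, access="select"):
    """Users who gained or lost `access` between two policy exports."""
    old = set(users_with_access(before, database, table, access))
    new = set(users_with_access(after, database, table, access))
    return {"granted": sorted(new - old), "revoked": sorted(old - new)}
```

An empty 'revoked' list after a revoke means the user still holds the access through another matching policy, which is worth checking before treating the revoke as effective.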
