Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)

This article just gives an example of how grant/revoke works when hive plugin is enabled with Ranger.

Doc reference - https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/user_access_hive_db_tab...

A user who is admin in Ranger, can manage access to hive tables via grant/revoke operation.

In Ranger UI -> Settings -> Users and Groups -> Users

User “hive” is in Role “Admin” -

93659-screen-shot-2018-11-17-at-100100-pm.png

On the beeline, login as user hive:

[hive@c141-node5 root]$ beeline -u "jdbc:hive2://c141-node4.pitot.com:2181,c141-node3.pitot.com:2181,c141-node2.pitot.com:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2" -n hive

Run the grant command to give select privileges on a table:

93660-grant-select.png

In Ranger a new policy is created by that command:

93661-screen-shot-2018-11-17-at-101303-pm.png

Similarly a revoke run, user mugdha will be removed from the policy:

0: jdbc:hive2://c141-node4.pitot.com:2181,c14> revoke select on pageviews from user mugdha;
No rows affected (0.169 seconds)
0: jdbc:hive2://c141-node4.pitot.com:2181,c14>
318 Views
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
2 of 2
Last update:
‎08-17-2019 05:47 AM
Updated by:
 
Contributors
Top Kudoed Authors