Community Articles

Find and share helpful community-sourced technical articles.
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Labels (2)
avatar
Super Guru

PROBLEM STATEMENT: We have a strange problem with ranger. When I do a "select * from <table>; "

I can see in ranger, on hive audit, that my user (dnid) is getting logged correctly. But when I look at the same situation on hdfs audit it shows that another user did the request. This Is to me very strange, I´ve tried with different users and the same problem happens again.

ERROR:

9634-img2.png

9636-img3.png

9637-img1.png

ROOT CAUSE: This is known issue and a BUG -

https://issues.apache.org/jira/browse/HIVE-13120

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_HDP_RelNotes/content/fixed_issues.html

BUG-53108HIVE-13120

RESOLUTION:

Changed the below property in hiveserver2 configs and restarted hiveserver2 after which the Ranger HDFS audit was showing user as hive in HDFS audit.

From:
"hive.server2.enable.doAs"=true

TO:
"hive.server2.enable.doAs"=false

img3.png
393 Views
Version history
Last update:
‎08-17-2019 07:57 AM
Updated by:
Contributors