Beeline Authentication with Ranger vs. Hive CLI

I can set up a policy in Ranger for a certain Hive table so that only certain users can SELECT from the table.

When I use the Beeline command-line interface and log in as a user that DOES NOT have SELECT access to that table, then I will get an error, as expected, indicating permission denied.

It's my understanding that Beeline communicates with HiveServer2 using HiveServer2’s Thrift APIs.

However, if I am logged into a terminal as that same user who DOES NOT have SELECT access, and I launch the Hive CLI, then I am able to read from the table.

I'm guessing this has to do with the Hive CLI not interacting with HiveServer2? Is this the reason why I am able to SELECT from the table via Hive CLI, whereas through Beeline I am not able to SELECT from the table? My Ranger policy is set so that only certain users should be able to SELECT from the table. Beeline enforces this policy, whereas Hive CLI does not.

1 ACCEPTED SOLUTION

Master Guru

@Binu Mathew

Hive CLI bypasses all the security policies.

Please find the answer to your question here - https://community.hortonworks.com/questions/10760/how-to-disable-hive-shell-for-all-users.html
