Support Questions

Find answers, ask questions, and share your expertise

Cae HiveServer2 run query as the acutal connect user on yarn?


We are currently running hive(hiveserver2) with sentry, and user impersonation is disable.

When any user connect to hiveserver2 and submit queries, hiveserver2 will submit all the query jobs to yarn, as the same user hive, not the actual the user who connect to hiveserver2.

Is there any way that can let hiveserver2 submit jobs as the actual user?






Have you configured Kerberos?

if so

1. klist to see uid for the current ticket

2. ask the actual user to kinit with their uid and password before submit their query 


it may help you



No, we are running hiveserver2 with ldap and sentry.




ok, but I am using Kerberos for the authentication. 


I am not sure but it 'might' be the reason for your issue because, according to the below site


  • HiveServer2 and the Hive Metastore running with strong authentication. For HiveServer2, strong authentication is either Kerberos or LDAP. For the Hive Metastore, only Kerberos is considered strong authentication
  • Kerberos authentication on your cluster. Kerberos prevent a user from bypassing the authorization system and gaining direct access to the underlying data.





Rising Star

@lewiss Did you find any workaround for this issue?