Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Cae HiveServer2 run query as the acutal connect user on yarn?

Labels:
lewiss
Explorer

Created on ‎07-09-2017 06:39 PM - edited ‎09-16-2022 04:54 AM

We are currently running hive(hiveserver2) with sentry, and user impersonation is disable.

When any user connect to hiveserver2 and submit queries, hiveserver2 will submit all the query jobs to yarn, as the same user hive, not the actual the user who connect to hiveserver2.

Is there any way that can let hiveserver2 submit jobs as the actual user?

 

2,100 Views
0 Kudos
1
4 REPLIES 4

saranvisa
Champion

Created ‎07-09-2017 07:53 PM

@lewiss

 

Have you configured Kerberos?

if so

1. klist to see uid for the current ticket

2. ask the actual user to kinit with their uid and password before submit their query 

 

it may help you

 

 

2,007 Views
0 Kudos

lewiss
Explorer

Created ‎07-09-2017 08:51 PM

No, we are running hiveserver2 with ldap and sentry.
2,004 Views
0 Kudos

saranvisa
Champion

Created ‎07-10-2017 08:55 AM

@lewiss

 

ok, but I am using Kerberos for the authentication. 

 

I am not sure but it 'might' be the reason for your issue because, according to the below site

 

  • HiveServer2 and the Hive Metastore running with strong authentication. For HiveServer2, strong authentication is either Kerberos or LDAP. For the Hive Metastore, only Kerberos is considered strong authentication
  • Kerberos authentication on your cluster. Kerberos prevent a user from bypassing the authorization system and gaining direct access to the underlying data.

https://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_sentry.html#concept_h54_ws4_w...

 

 

 

 

1,983 Views
0 Kudos

Prav
Rising Star

Created ‎07-31-2018 12:47 PM

@lewiss Did you find any workaround for this issue?

1,505 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
[ANNOUNCE] CDP Private Cloud Data Services 1.5.0 Released
Community Announcements
January 2023 Community Highlights
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector 2.6.30 for Impala is Released
What's New @ Cloudera
Cloudera Operational Database (COD) provides a CLI option to enable HBase region canaries
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an operational database using a predefined Data Lake template
View More Announcements