I have to set main.ldapRealm.authorizationEnabled in knox topology but I am trying to understand this property before I do it in knox.
Will it impact on ranger or hiveserver2 ?
By setting main.ldapRealm.authorizationEnabled to false (default), you are indicating that there is no need for the ShiroProvider to lookup groups for the user through the KnoxLdapRealm implementation. The impact is that if you are doing service level authorization checks at the gateway itself then the groups will not be available for evaluation by the Knox AclsAuthz provider or the Ranger plugin.
If you are not doing service level authorization checks and relying solely on finer grained ACL/policy enforcement then you can safely leave that as false.