Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Can we create policies on Hive Views in Apache Ranger ??

avatar
author-rank subash_sharma
Expert Contributor

Created ‎12-05-2016 11:07 AM

Hey Guys,

When we create a policy on hive database, Ranger usually shows to opt either Tables or UDF, So far i haven't seen any option to choose Hive View. Is it possible to create tag based policy on hive views??

Any help would be appreciated

Thanks in Advance,

Subash

4,220 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank sshimpi
Super Guru

Created ‎12-05-2016 11:45 AM

@subash sharma

From Ranger you can authorized policies based on UDF and tables for HIVE.

Hive view cannot be used to authorize using Ranger.

View solution in original post

3,628 Views
5 REPLIES 5

avatar
author-rank rguruvannagari author-rank
Super Collaborator

Created ‎12-05-2016 11:18 AM

@subash sharma No we dont have such feature to set policies as per Hive views.

Ranger plugins are for the HDP services and are not related to Ambari views. If you would like to set authorization for views, you can set it from Ambari itself.

3,628 Views
0 Kudos

avatar
author-rank subash_sharma
Expert Contributor

Created ‎12-05-2016 11:23 AM

hey @rguruvannagari , I am referring to the views which generally gets created on top of the tables in hive, please don't get confused with Hive View Console in Ambari.

For example, If i have an employee table, I can create an employee View using some columns

3,628 Views
0 Kudos

avatar
author-rank sshimpi
Super Guru

Created ‎12-05-2016 11:45 AM

@subash sharma

From Ranger you can authorized policies based on UDF and tables for HIVE.

Hive view cannot be used to authorize using Ranger.

3,629 Views

avatar
author-rank mneethiraj author-rank
Rising Star

Created ‎12-18-2016 08:07 PM

>> Hive view cannot be used to authorize using Ranger.

This is not true. Ranger Hive policies don't distinguish between Hive tables and views. You can simply provide view name in Ranger policy instead of table name.

3,628 Views

avatar
author-rank bmathew
Guru

Created ‎12-05-2016 04:01 PM

You can create views in Hive and apply Ranger permissions to them.

This was a very common thing to do before we released HDP 2.5 with dynamic masking and row level filtering.

For example, prior to HDP 2.5 clients would create a view on top of a base table, let's say a CUSTOMER table, and in the view they would mask/hash certain PII fields such as Social Security Number and email address. Next, they would use Ranger to restrict access to the base CUSTOMER table and apply SELECT access to the view.

3,628 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements