Support Questions
Find answers, ask questions, and share your expertise

Can we create policies on Hive Views in Apache Ranger ??

Hey Guys,

When we create a policy on hive database, Ranger usually shows to opt either Tables or UDF, So far i haven't seen any option to choose Hive View. Is it possible to create tag based policy on hive views??

Any help would be appreciated

Thanks in Advance,

Subash

1 ACCEPTED SOLUTION

Accepted Solutions

@subash sharma

From Ranger you can authorized policies based on UDF and tables for HIVE.

Hive view cannot be used to authorize using Ranger.

View solution in original post

5 REPLIES 5

Super Collaborator

@subash sharma No we dont have such feature to set policies as per Hive views.

Ranger plugins are for the HDP services and are not related to Ambari views. If you would like to set authorization for views, you can set it from Ambari itself.

hey @rguruvannagari , I am referring to the views which generally gets created on top of the tables in hive, please don't get confused with Hive View Console in Ambari.

For example, If i have an employee table, I can create an employee View using some columns

@subash sharma

From Ranger you can authorized policies based on UDF and tables for HIVE.

Hive view cannot be used to authorize using Ranger.

View solution in original post

Contributor

>> Hive view cannot be used to authorize using Ranger.

This is not true. Ranger Hive policies don't distinguish between Hive tables and views. You can simply provide view name in Ranger policy instead of table name.

You can create views in Hive and apply Ranger permissions to them.

This was a very common thing to do before we released HDP 2.5 with dynamic masking and row level filtering.

For example, prior to HDP 2.5 clients would create a view on top of a base table, let's say a CUSTOMER table, and in the view they would mask/hash certain PII fields such as Social Security Number and email address. Next, they would use Ranger to restrict access to the base CUSTOMER table and apply SELECT access to the view.