Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Can we create policies on Hive Views in Apache Ranger ??

avatar
Expert Contributor

Hey Guys,

When we create a policy on hive database, Ranger usually shows to opt either Tables or UDF, So far i haven't seen any option to choose Hive View. Is it possible to create tag based policy on hive views??

Any help would be appreciated

Thanks in Advance,

Subash

1 ACCEPTED SOLUTION

avatar
Super Guru
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
5 REPLIES 5

avatar
Super Collaborator

@subash sharma No we dont have such feature to set policies as per Hive views.

Ranger plugins are for the HDP services and are not related to Ambari views. If you would like to set authorization for views, you can set it from Ambari itself.

avatar
Expert Contributor

hey @rguruvannagari , I am referring to the views which generally gets created on top of the tables in hive, please don't get confused with Hive View Console in Ambari.

For example, If i have an employee table, I can create an employee View using some columns

avatar
Super Guru
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
Rising Star

>> Hive view cannot be used to authorize using Ranger.

This is not true. Ranger Hive policies don't distinguish between Hive tables and views. You can simply provide view name in Ranger policy instead of table name.

avatar

You can create views in Hive and apply Ranger permissions to them.

This was a very common thing to do before we released HDP 2.5 with dynamic masking and row level filtering.

For example, prior to HDP 2.5 clients would create a view on top of a base table, let's say a CUSTOMER table, and in the view they would mask/hash certain PII fields such as Social Security Number and email address. Next, they would use Ranger to restrict access to the base CUSTOMER table and apply SELECT access to the view.