
Control Ranger User Exclude/Deny Conditions in Hue Hive Query on CDP Issue.



CDP 7.1.6-1.cdh7.1.6



Test case.

1. Created Policy to access Hive DB -> Hive Policy


2. Main Condition:

Hive DB : *

Hive Table : *

Hive Column : *


3. Group&User Info from AD:

a_user (a_group, b_group)



4. Allow Condition:

Select Group -> a_group

Permissions -> all

Select Group -> b_group

Permissions -> all


5. Exclude from Allow Conditions:

Select User -> a_user

Permissions -> select

Select User -> b_user

Permissions -> select


In this case,

I ran the Hive query test.


Connect to beeline directly as a_user.

Connect to Hue and open the Hive editor as a_user.

Then run the same select query against any db.table.


1st. a_user case

beeline query is denied : expected result

Hue Hive query worked : unexpected result

2nd. b_user case

beeline query is denied : expected result

Hue Hive query is denied : expected result


My question is: in the case of a_user, this user belongs to only two groups.

But why can a_user still run a select query in the Hue Hive editor?

If I add a_group and a_user, or a_group and b_group and a_user, then

other users who belong to the same groups can't run queries.

Is this a Hue or Ranger bug, or is there an option that needs to be added in Ranger?
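
The policy from the test case above, as an added example that is not part of the original post and is not Ranger's code: a simplified model of how "Allow Conditions" and "Exclude from Allow Conditions" combine for one policy. It assumes no other policy applies; the policy name, `c_user`, and b_user's group membership are constructed for illustration.

```python
# Simplified model of Ranger allow / exclude-from-allow evaluation (not Ranger code).
# Key names follow Ranger's policy JSON; "accesses" is flattened to plain strings.
POLICY = {
    "name": "hive_all_example",  # hypothetical policy name
    "resources": {"database": ["*"], "table": ["*"], "column": ["*"]},
    "policyItems": [  # 4. Allow Condition
        {"groups": ["a_group"], "users": [], "accesses": ["all"]},
        {"groups": ["b_group"], "users": [], "accesses": ["all"]},
    ],
    "allowExceptions": [  # 5. Exclude from Allow Conditions
        {"groups": [], "users": ["a_user"], "accesses": ["select"]},
        {"groups": [], "users": ["b_user"], "accesses": ["select"]},
    ],
}


def item_matches(item, user, groups, access):
    """True if the item names this user (or one of their groups) and the access."""
    who = user in item["users"] or bool(groups & set(item["groups"]))
    what = access in item["accesses"] or "all" in item["accesses"]
    return who and what


def is_allowed(policy, user, groups, access):
    """An exclude entry cancels the allow for that access type only."""
    groups = set(groups)
    if any(item_matches(i, user, groups, access) for i in policy["allowExceptions"]):
        return False  # excluded: this policy grants nothing for the access
    return any(item_matches(i, user, groups, access) for i in policy["policyItems"])


def run_cases():
    # (user, groups, access); b_user's group and c_user are constructed samples.
    cases = [
        ("a_user", ["a_group", "b_group"], "select"),
        ("a_user", ["a_group", "b_group"], "update"),
        ("b_user", ["b_group"], "select"),
        ("c_user", ["a_group"], "select"),
    ]
    return {(u, a): is_allowed(POLICY, u, g, a) for u, g, a in cases}


if __name__ == "__main__":
    for (user, access), allowed in run_cases().items():
        print(f"{user:7} {access:7} -> {'allowed' if allowed else 'not allowed'}")
```

The result depends only on the user name, groups, and access type that reach the evaluator, so the Ranger audit entries for the Hue run and the beeline run are the place to compare which identity and which policy produced each decision.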