Support Questions
Find answers, ask questions, and share your expertise

Control Ranger User Exclude/Deny Conditions in Hue Hive Query on CDP Issue.

New Contributor

Envs

CDP 7.1.6-1.cdh7.1.6

AD

 

Test case.

1. Created Policy to access Hive DB -> Hive Policy

 

2. Main Condition:

Hive DB : *

Hive Table : *

Hive Column : *

 

3. Group&User Info from AD:

a_user (a_group, b_group)

b_user(b_group)

 

4. Allow Condition:

Select Group -> a_group

Permissions -> all

Select Group -> b_group

Permissions -> all

 

5. Exclude from Allow Conditions:

Select User -> a_user

Permissions -> select

Select User -> b_user

Permissions -> select

 

In this case,

I ran the Hive query test.

 

connect to beeline directly as a_user

connect to hue and connect hive editor as a_user

and run same select query from any db.table

 

1st. a_user case

beeline query is denied : expected result

hue hive query is worked : unexpected result

2nd. b_user case

beeline query is denied : expected result

hue hive query is denied : expected result

 

My question is, in case of, a_user, this user belong to two group only.

But why a_user still using select query in hue hive editor?

If I add a_group and a_user or a_group and b_group and a_user, then

other users which are belong to same groups, they can't use query.

Is that a hue or ranger bug or something to need to add option in Ranger additionally?

0 REPLIES 0