Support Questions
Find answers, ask questions, and share your expertise

Controlling access to Hive databases/Tables while accessing through Spark

Explorer

Hi All,

 

In our CDH production cluster, we have setup spark, we plan to give access to all the end users/developers/BI users,etc. But we learnt any valid user after getting their own user kerb TGT, can get hold of sqlContext (in program or in shell) and can run any query against any secure databases.

 

This puts us in a critical condition as we do not want to give blanket permission to everyone. We are looking forward to a solution or a work around, by which we can give secure access only to the selected users to sensetive tables/database.

 

Failing to do so, we would like to remove/disable the SparkSQL context/feature for everyone.  

 

Any pointers in this direction will be very valueable.

 

Thank you,

Arpan

 
1 REPLY 1

Expert Contributor

Hi Arpan,

 

Please take a look at HDFS ACL sync through Sentry: http://www.cloudera.com/documentation/enterprise/latest/topics/sg_hdfs_sentry_sync.html.  This will set permissions to ACLs for Hive tables so users will only have access to read HDFS files only if they can access the Hive tables.

 

Thanks,
Jason