Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here. Want to know more about what has changed? Check out the Community News blog.

HDFS folder permissions to prevent access to Hive tables

Highlighted

HDFS folder permissions to prevent access to Hive tables

Rising Star

Hello,

 

I have a CDH 5.11 cluster. Users are authenticated using KDC.

 

I want to restrict access to Hive databases to specific users, who will be able to:

 

  1. access only specific databases
  2. submit spark jobs to the cluster

 

Can I achieve this without Sentry, by configuring HDFS files/floders permissions? There are only few databases (4).

 

 

Thank you,

Gerasimos

3 REPLIES 3

Re: HDFS folder permissions to prevent access to Hive tables

Explorer

I think you are trying to find easy but unsecure solution to your problem. if you want to limit your users to reach your certain databases, file restriction wouldnt be a primary solution.

Try to set up sentry , it is invented especially for these kinds of task.

 

here is the link:

https://www.cloudera.com/documentation/enterprise/5-7-x/topics/sg_sentry_service_config.html

 

Re: HDFS folder permissions to prevent access to Hive tables

Rising Star
Thank you. I am aware of Sentry as I mentioned, but tried to exhaust any other alternatives.

Re: HDFS folder permissions to prevent access to Hive tables

Explorer

you can try to restrict permissions on hive metadata for a specific table or even database

for example: if your cluster metadata is set up with mysql, you can limit the user access on metadata permission.