Support Questions
Find answers, ask questions, and share your expertise

HIVE Proxy user impersonate

Explorer

Hi Team,

I have a requirement to run a job using HIVE permission without actually using HIVE keytab file. Since iam using Ranger [hive.server2.enable.doAs ] should not use correct me if iam wrong. Help how to acheive this..

5 REPLIES 5

Re: HIVE Proxy user impersonate

Guru

hive.server2.enable.doAs to false will get you exactly that. Ultimate job gets submitted as user 'hive', but you will submit your query using your user keytab (not hive keytab).

Re: HIVE Proxy user impersonate

Explorer

Hi Ravi,

Thanks for your update. But iam also using Ranger. I heard that making that parameter FALSE will affect other configuration. Please confirm

Re: HIVE Proxy user impersonate

Guru

Ranger also recommends setting hive.server2.enable.doAs to false and manager user access from hive policy.

Re: HIVE Proxy user impersonate

@suresh krish even if you are using ranger then also hive.server2.enable.doAs will be used, configure hive.server2.enable.doAs=false , but make sure you have default policy configured for hive user too.

Re: HIVE Proxy user impersonate

You can achieve this by using hive.server2.enable.doAs is set to "false" which means is that Hiveserver2 will run jobs in HDFS as "hive" user. You are right, using this approach have its own drawback. One of them below:-

https://www.linkedin.com/pulse/best-practices-hive-authorization-when-using-presto-connector-kumar?t...