Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Hive-Interactive doesn't support user impersonation in HDP 2.6.5

kishore1986
Explorer

Created on ‎02-03-2020 12:43 AM - last edited on ‎02-03-2020 01:38 AM by Community Manager Community Manager

We use beeline to access hive. To connect we have two connection strings : hiveserver2 and hiveserver2-hive2(interactive). We want to block some users from accessing Interactive connection string and restrict them to hiveserver2. Hive-Interactive doesn't support user impersonation in HDP 2.6.5, Since there is no impersonation we can't restrict users in Ranger. Is there any way to do this in HDP 2.6.5? We don't want to upgrade the cluster.

340 Views
0 Kudos
1 REPLY 1

vikas10_gupta
New Contributor

Created on ‎03-12-2020 02:13 AM - edited ‎03-12-2020 02:15 AM

That is true. However if you have a Gateway Server then you can restrict via IPTABLES

 

Block Hive Interactive Port(10501) from your gateway server. This way any user on gateway nodes will be unable to connect to LLAP string

 

/sbin/iptables -A OUTPUT -p tcp -d <HiveInteractive_IP> --dport <HiveInteractive_Port> -j DROP

302 Views
0 Kudos
Don't have an account?
Register
Announcements
What's New @ Cloudera
Cloudera Streaming Analytics 7.2.15 for Public Cloud - New Features
What's New @ Cloudera
Cloudera Streams Messaging 7.2.15 for Public Cloud - New Features
What's New @ Cloudera
Cloudera Streaming Analytics 1.7.0 For Private Cloud - New Features
What's New @ Cloudera
Cloudera DataFlow for the Public Cloud introduces Inbound Connections and supports Apache NiFi 1.16
Product Announcements
CDP Public Cloud Release Summary: April 2022
View More Announcements