Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Hive-Interactive doesn't support user impersonation in HDP 2.6.5

Explorer

We use beeline to access hive. To connect we have two connection strings : hiveserver2 and hiveserver2-hive2(interactive). We want to block some users from accessing Interactive connection string and restrict them to hiveserver2. Hive-Interactive doesn't support user impersonation in HDP 2.6.5, Since there is no impersonation we can't restrict users in Ranger. Is there any way to do this in HDP 2.6.5? We don't want to upgrade the cluster.

1 REPLY 1

New Contributor

That is true. However if you have a Gateway Server then you can restrict via IPTABLES

 

Block Hive Interactive Port(10501) from your gateway server. This way any user on gateway nodes will be unable to connect to LLAP string

 

/sbin/iptables -A OUTPUT -p tcp -d <HiveInteractive_IP> --dport <HiveInteractive_Port> -j DROP