Support Questions
Find answers, ask questions, and share your expertise

Hive Ranger policy is not applied

Hi,

I am trying to apply Ranger policies for Hive. I have created a policy but it seems that the policy is not applied. The audit logs that are shown in Ranger-> Audit are also confusing. I am trying to execute queries from Hive CLI.

I have a database called 'employee'. I have created a table empdetails having columns empno, empname and salary.

When I query 'select empno from empdetails' , it still shows me all the records as the policy states only 'empname' must be accessible by user 'mohang'.

It would be helpful if some one can provide some solution and suggestions. Attached are the screenshots.

Thanks.


ranger-audit.pnghdfs-ranger-policy-for-hive-warehouse.pnghive-policy.png
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Hive Ranger policy is not applied

i guess you have some other policy too that is allowing this operation in hive, can you filter the audits with servicetype = hive , because the image you attached is having all the entries for hdfs audit

View solution in original post

8 REPLIES 8

Re: Hive Ranger policy is not applied

i guess you have some other policy too that is allowing this operation in hive, can you filter the audits with servicetype = hive , because the image you attached is having all the entries for hdfs audit

View solution in original post

Re: Hive Ranger policy is not applied

I have attached screenshot for hive audit. In this only "USE' access type audits are displayed for servicetype=Hive


ranger-audit-1.png

Re: Hive Ranger policy is not applied

there is no entry related to operation you performed , can you please check the correct time instance and as per Terry suggestion , are you using hive cli or hiveserver beeline ?

Re: Hive Ranger policy is not applied

Right now I am trying with Hive CLI as I am familiar with it. So, is it that the Ranger hive plugin won't work with Hive CLI at all?

Re: Hive Ranger policy is not applied

yes it will not work at all with hive cli , better you use beeline, thanks!

Re: Hive Ranger policy is not applied

Contributor

@Pooja Kamle Ranger policies are not applied to Hive CLI which is old technology and may be phased out in the future. You should be using Beeline/JDBC/ODBC to connect to Hiveserver2.

Re: Hive Ranger policy is not applied

Ranger plugin works with Hive Server2. Can you use beeline?

Re: Hive Ranger policy is not applied

@vperiasamy

Yes, I understand from @Deepak Sharma and @Terry Stebbens that Hive Ranger plugin works with Beeline and not Hive CLI.