Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Hive Ranger policy is not applied

Labels:
avatar
author-rank kamlepooja_raje
Rising Star

Created ‎10-26-2016 09:42 AM

Hi,

I am trying to apply Ranger policies for Hive. I have created a policy but it seems that the policy is not applied. The audit logs that are shown in Ranger-> Audit are also confusing. I am trying to execute queries from Hive CLI.

I have a database called 'employee'. I have created a table empdetails having columns empno, empname and salary.

When I query 'select empno from empdetails' , it still shows me all the records as the policy states only 'empname' must be accessible by user 'mohang'.

It would be helpful if some one can provide some solution and suggestions. Attached are the screenshots.

Thanks.


ranger-audit.pnghdfs-ranger-policy-for-hive-warehouse.pnghive-policy.png
3,253 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank dsharma author-rank
Guru

Created ‎10-26-2016 09:46 AM

i guess you have some other policy too that is allowing this operation in hive, can you filter the audits with servicetype = hive , because the image you attached is having all the entries for hdfs audit

View solution in original post

2,931 Views
8 REPLIES 8

avatar
author-rank dsharma author-rank
Guru

Created ‎10-26-2016 09:46 AM

i guess you have some other policy too that is allowing this operation in hive, can you filter the audits with servicetype = hive , because the image you attached is having all the entries for hdfs audit

2,932 Views

avatar
author-rank kamlepooja_raje
Rising Star

Created ‎10-26-2016 10:11 AM

I have attached screenshot for hive audit. In this only "USE' access type audits are displayed for servicetype=Hive


ranger-audit-1.png
2,931 Views
0 Kudos

avatar
author-rank dsharma author-rank
Guru

Created ‎10-26-2016 10:53 AM

there is no entry related to operation you performed , can you please check the correct time instance and as per Terry suggestion , are you using hive cli or hiveserver beeline ?

2,931 Views
0 Kudos

avatar
author-rank kamlepooja_raje
Rising Star

Created ‎10-27-2016 04:59 AM

Right now I am trying with Hive CLI as I am familiar with it. So, is it that the Ranger hive plugin won't work with Hive CLI at all?

2,931 Views
0 Kudos

avatar
author-rank dsharma author-rank
Guru

Created ‎10-27-2016 06:03 AM

yes it will not work at all with hive cli , better you use beeline, thanks!

2,931 Views
0 Kudos

avatar
author-rank tstebbens
Expert Contributor

Created ‎10-26-2016 09:47 AM

@Pooja Kamle Ranger policies are not applied to Hive CLI which is old technology and may be phased out in the future. You should be using Beeline/JDBC/ODBC to connect to Hiveserver2.

2,931 Views

avatar
author-rank vperiasamy author-rank
Guru

Created ‎10-26-2016 01:21 PM

Ranger plugin works with Hive Server2. Can you use beeline?

2,931 Views
0 Kudos

avatar
author-rank kamlepooja_raje
Rising Star

Created ‎10-27-2016 05:00 AM

@vperiasamy

Yes, I understand from @Deepak Sharma and @Terry Stebbens that Hive Ranger plugin works with Beeline and not Hive CLI.

2,931 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements