Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.
Solved Go to solution

Hive Ranger policy is not applied

Labels:
kamlepooja_raje
Explorer

Created ‎10-26-2016 09:42 AM

Hi,

I am trying to apply Ranger policies for Hive. I have created a policy but it seems that the policy is not applied. The audit logs that are shown in Ranger-> Audit are also confusing. I am trying to execute queries from Hive CLI.

I have a database called 'employee'. I have created a table empdetails having columns empno, empname and salary.

When I query 'select empno from empdetails' , it still shows me all the records as the policy states only 'empname' must be accessible by user 'mohang'.

It would be helpful if some one can provide some solution and suggestions. Attached are the screenshots.

Thanks.


ranger-audit.pnghdfs-ranger-policy-for-hive-warehouse.pnghive-policy.png
1,855 Views
0 Kudos
1 ACCEPTED SOLUTION

dsharma
Guru

Created ‎10-26-2016 09:46 AM

i guess you have some other policy too that is allowing this operation in hive, can you filter the audits with servicetype = hive , because the image you attached is having all the entries for hdfs audit

View solution in original post

1,533 Views
8 REPLIES 8

dsharma
Guru

Created ‎10-26-2016 09:46 AM

i guess you have some other policy too that is allowing this operation in hive, can you filter the audits with servicetype = hive , because the image you attached is having all the entries for hdfs audit

1,534 Views

kamlepooja_raje
Explorer

Created ‎10-26-2016 10:11 AM

I have attached screenshot for hive audit. In this only "USE' access type audits are displayed for servicetype=Hive


ranger-audit-1.png
1,533 Views
0 Kudos

dsharma
Guru

Created ‎10-26-2016 10:53 AM

there is no entry related to operation you performed , can you please check the correct time instance and as per Terry suggestion , are you using hive cli or hiveserver beeline ?

1,533 Views
0 Kudos

kamlepooja_raje
Explorer

Created ‎10-27-2016 04:59 AM

Right now I am trying with Hive CLI as I am familiar with it. So, is it that the Ranger hive plugin won't work with Hive CLI at all?

1,533 Views
0 Kudos

dsharma
Guru

Created ‎10-27-2016 06:03 AM

yes it will not work at all with hive cli , better you use beeline, thanks!

1,533 Views
0 Kudos

tstebbens
Contributor

Created ‎10-26-2016 09:47 AM

@Pooja Kamle Ranger policies are not applied to Hive CLI which is old technology and may be phased out in the future. You should be using Beeline/JDBC/ODBC to connect to Hiveserver2.

1,533 Views

vperiasamy
Guru

Created ‎10-26-2016 01:21 PM

Ranger plugin works with Hive Server2. Can you use beeline?

1,533 Views
0 Kudos

kamlepooja_raje
Explorer

Created ‎10-27-2016 05:00 AM

@vperiasamy

Yes, I understand from @Deepak Sharma and @Terry Stebbens that Hive Ranger plugin works with Beeline and not Hive CLI.

1,533 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud: May 2023 Release Summary
What's New @ Cloudera
Cloudera Operational Database (COD) provides enhancements to the --scale-type CDP CLI option
What's New @ Cloudera
Cloudera Operational Database (COD) UI supports creating a smaller cluster using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports scaling up the clusters vertically
Product Announcements
CDP Public Cloud: April 2023 Release Summary
View More Announcements