Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hive Ranger policy is not applied

Solved Go to solution
Highlighted

Hive Ranger policy is not applied

Hi,

I am trying to apply Ranger policies for Hive. I have created a policy but it seems that the policy is not applied. The audit logs that are shown in Ranger-> Audit are also confusing. I am trying to execute queries from Hive CLI.

I have a database called 'employee'. I have created a table empdetails having columns empno, empname and salary.

When I query 'select empno from empdetails' , it still shows me all the records as the policy states only 'empname' must be accessible by user 'mohang'.

It would be helpful if some one can provide some solution and suggestions. Attached are the screenshots.

Thanks.


ranger-audit.pnghdfs-ranger-policy-for-hive-warehouse.pnghive-policy.png
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Hive Ranger policy is not applied

i guess you have some other policy too that is allowing this operation in hive, can you filter the audits with servicetype = hive , because the image you attached is having all the entries for hdfs audit

View solution in original post

8 REPLIES 8
Highlighted

Re: Hive Ranger policy is not applied

i guess you have some other policy too that is allowing this operation in hive, can you filter the audits with servicetype = hive , because the image you attached is having all the entries for hdfs audit

View solution in original post

Highlighted

Re: Hive Ranger policy is not applied

I have attached screenshot for hive audit. In this only "USE' access type audits are displayed for servicetype=Hive


ranger-audit-1.png
Highlighted

Re: Hive Ranger policy is not applied

there is no entry related to operation you performed , can you please check the correct time instance and as per Terry suggestion , are you using hive cli or hiveserver beeline ?

Highlighted

Re: Hive Ranger policy is not applied

Right now I am trying with Hive CLI as I am familiar with it. So, is it that the Ranger hive plugin won't work with Hive CLI at all?

Highlighted

Re: Hive Ranger policy is not applied

yes it will not work at all with hive cli , better you use beeline, thanks!

Highlighted

Re: Hive Ranger policy is not applied

Contributor

@Pooja Kamle Ranger policies are not applied to Hive CLI which is old technology and may be phased out in the future. You should be using Beeline/JDBC/ODBC to connect to Hiveserver2.

Highlighted

Re: Hive Ranger policy is not applied

Ranger plugin works with Hive Server2. Can you use beeline?

Highlighted

Re: Hive Ranger policy is not applied

@vperiasamy

Yes, I understand from @Deepak Sharma and @Terry Stebbens that Hive Ranger plugin works with Beeline and not Hive CLI.

Don't have an account?
Coming from Hortonworks? Activate your account here