Support Questions

KuldeepK · ‎01-20-2016

I have configured ranger authorization for hive and want to force all the users to use beeline and want to block access to hive shell to all the users.

I know one workaround - we can revoke execute access for below file on all hive-clients.

/usr/hdp/current/hive-client/bin/hive

By doing this it could cause an issue to jobs scheduled via workflow engines like oozie or azkabaan etc.

Is there any other effective way to do this ?

KuldeepK · ‎01-21-2016

Suggestion given by @Hajime

We can add below lines in hive-env template via ambari to disable hive-shell

if [ "$SERVICE" = "cli" ]; then
echo "Sorry! I have disabled hive-shell"
exit 1 
fi

After restarting hive services, when you try to run hive shell then you will get below output

[root@sandbox hive]# hive
Sorry! I have disabled hive-shell

View solution in original post

amiller · ‎07-11-2016

The only way to reliably accomplish this is to prevent users from logging into cluster nodes at all, and force them to use beeline to access HS2 in HTTP mode through Knox.

Every solution recommending changes to hive-env.sh or hive.distro can be overridden by using a modified copy of those files. Those files could even be copied from elsewhere, because this is all open source.

Cloudera Community

Support Questions

How to disable hive shell for all users (Hive CLI)