Created 08-08-2022 12:28 AM
Hi,
We have a four-node CDP 7.1.7 SP1 cluster.
Currently, when a normal hive user creates a database, the database ownership is getting assigned to hive:supergroup in /external/hive, which is the default.
We want the /external/hive database ownership to be assigned to the user who is creating a database.
For example:
User "Test" creates one database, the ownership should be like:
drwxr-xr-x - test supergroup 0 2022-07-05 17:35 /warehouse/tablespace/external/hive/test_db
Kindly let us know if this is possible.
Created 08-10-2022 08:41 PM
Hi, could you please help on this??!!
Created 08-12-2022 11:27 AM
Hi @ssuja, there is a Hive property that would help you achieve what you are aiming for. Look for hive.server2.enable.doAs under Hive on Tez configurations and enable it. However, there is a catch. This property needs to be disabled if you are using Ranger for authorization. If you are not using Ranger, and using Storage Based Authorization (which is not recommended in CDP), then you could definitely enable this. Refer to the doc here.
Created 08-15-2022 11:11 PM
Hi Smruti,
Are we able to achieve this:
"We want the /external/hive database ownership to be assigned to the user who is creating a database" by creating any custom policies in Ranger?
Created 08-18-2022 06:56 AM
@ssuja I am afraid it's not achievable using Ranger. If you already have a data directory owned by a specific user, say user1, you may create a policy in Ranger providing hive and other users access to that directory path (URI), and keep the physical path owned by user1 itself. See if this is something you can work with. I should also mention that creating an external Hive table without a Location clause will create a directory with hive ownership, for impersonation is disabled in Hive.
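Added example, not part of the thread and not Cloudera's code: a small check that parses `hdfs dfs -ls` output and reports database directories whose owner differs from the intended user, which is what happens when HiveServer2 creates the directory as hive with impersonation disabled. The sample listing, the paths under /data, the owner mapping and the function names are all constructed assumptions; the world-writable check goes slightly beyond the thread.

```python
import re

# Constructed `hdfs dfs -ls` output for illustration; not from a real cluster.
SAMPLE_LS = """\
Found 3 items
drwxr-xr-x   - hive  supergroup  0 2022-07-05 17:35 /warehouse/tablespace/external/hive/test_db
drwxr-xr-x   - user1 supergroup  0 2022-07-06 09:12 /data/user1/sales_db
drwxrwxrwx   - user2 supergroup  0 2022-07-07 11:02 /data/user2/scratch_db
"""

# Database directory -> user expected to own it (hypothetical mapping).
EXPECTED_OWNER = {
    "/warehouse/tablespace/external/hive/test_db": "test",
    "/data/user1/sales_db": "user1",
    "/data/user2/scratch_db": "user2",
}

LS_LINE = re.compile(
    r"^(?P<perms>[d-][rwxsStT-]{9})[+.]?\s+\S+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?P<path>.+)$"
)

def parse_ls(text):
    """Return one dict per listing line; header and unparsable lines are skipped."""
    return [m.groupdict() for m in map(LS_LINE.match, text.splitlines()) if m]

def audit(entries, expected_owner, service_account="hive"):
    """Return (path, finding) tuples for directories with unexpected owner or mode."""
    findings = []
    for e in entries:
        if not e["perms"].startswith("d"):
            continue
        want = expected_owner.get(e["path"])
        if want and e["owner"] != want:
            note = f"owned by {e['owner']}, expected {want}"
            if e["owner"] == service_account:
                note += " (created by HiveServer2 without impersonation)"
            findings.append((e["path"], note))
        if e["perms"][8] == "w":  # write bit for "other"
            findings.append((e["path"], "world-writable"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(parse_ls(SAMPLE_LS), EXPECTED_OWNER):
        print(f"{path}: {finding}")
```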
Created 08-24-2022 05:10 AM
@ssuja, Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.
Regards,
Vidya Sargur,