Support Questions
Find answers, ask questions, and share your expertise

How to manage Hive warehouse HDFS directory permission?

I have a HDP-2.6 cluster. I would like to control access to Hive tables through Ranger. I would also like to run my queries as an end-user. I followed HDP documentation of Ranger and set up 000 permission for directory /apps/warehouse/hive.

What I noticed while working is, Ranger policies doesn't solely work on policies created for Hive(database and tables). Though if a user has WRITE permission defined in Ranger policy, it still needs WRITE permission for the corresponding table's directory in HDFS. If my database has 1000+ tables and a user needs WRITE permission only for 200 tables, then I have to create ranger HDFS policy(s) for those 200 directories with WRITE permission to the user.

I can give WRITE permission at a database level however, I am worried about a possibility for user removes files of other tables from command line. Can you give/direct me to design practices for managing Hive tables with Ranger policies without impersonation?


Rising Star

Please delete this duplicate thread, as I have answered the original question here.