Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to prevent access to hive database via hivecontext?

Solved Go to solution
Highlighted

How to prevent access to hive database via hivecontext?

New Contributor

I've set up ranger on my cluster to enforce permission on databases. It works fantastically with ODBC connections. However, I also have a pyspark kernel for Jupyter Notebook running on the server, which completely bypass any policies applied i.e. by calling HiveContext any users access any database regardless of the permissions I setup on Ranger Hive.

Hive authorization is my primary goal but SparkContext on my Jupyter Notebook would be invaluable as well. Any pointers on how to set this up correctly is highly appreciated.

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: How to prevent access to hive database via hivecontext?

@Pee Tankulrat

Also make sure that it is not failing back to POSIX permission.

Remove all POSIX permission from the directory using hdfs dfs -chmod

View solution in original post

6 REPLIES 6
Highlighted

Re: How to prevent access to hive database via hivecontext?

@Pee Tankulrat, As of now Spark will not honour hive acl's. One thing you can do is to add rules for the underlying HDFS directory of a hive db and precent users to access it.

Highlighted

Re: How to prevent access to hive database via hivecontext?

New Contributor

56554-ranger.png

Thank you @Sandeep Nemuri for your tips. But, I went over to my Ranger's HDFS policy and saw that currently the users do not have direct access to the hive directory? As the policy is usually deny all except when there's an access policy for it?

Do I have to modify this policy?

Highlighted

Re: How to prevent access to hive database via hivecontext?

@Pee Tankulrat

Yes, the policy usually denied all except when there's an access policy for it. This should be ok.

Highlighted

Re: How to prevent access to hive database via hivecontext?

@Pee Tankulrat

Also make sure that it is not failing back to POSIX permission.

Remove all POSIX permission from the directory using hdfs dfs -chmod

View solution in original post

Highlighted

Re: How to prevent access to hive database via hivecontext?

New Contributor

Thanks @Sandeep Nemuri and @Rahul Pathak

I think the POSIX permission is most likely what's bypassing this. I'll give it a try and let you know again.

Since then I have spotted another problem with group policy in Ranger.

It appears that users' group doesn't seems to be working for us (allowing a group that the user is a member of, does not grant access). I've try setting hive group based policy (Authenticated with LDAP), but none seems to be working (User based policy works flawlessly). Am I missing anything?

Highlighted

Re: How to prevent access to hive database via hivecontext?

@Pee Tankulrat, As Rahul mentioned you need to make sure that policy is not failing back to POSIX permission. And for group policy issue, you may ask another question with more details.

Don't have an account?
Coming from Hortonworks? Activate your account here