Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to set user authorization at parition level on Hive table

How to set user authorization at parition level on Hive table

New Contributor
 
4 REPLIES 4
Highlighted

Re: How to set user authorization at parition level on Hive table

Super Guru

@Rajeev Vandakar

Partitions are created to prune data for efficient queries. You cannot set authorization on partition level. You can however, create views on your table and then grant access to views to different groups. You can also set column level authorization but not partition and it doesn't make sense to have authorization on a partition where you might be partitioning based on let's say date, state or something like that. For example, if you want people to access data for certain states only, in those case you can use column level authorization.

Highlighted

Re: How to set user authorization at parition level on Hive table

@Rajeev Vandakar

I agree with @mqureshi in that you cannot set authorizations on the partition level for your use case. If you do not have Ranger then it is best to take his suggested solution of creating views for different groups.

However, it would be more beneficial to install Ranger and use that. As of HDP 2.5, Ranger supports Row-Level Filtering. That enables you to set permissions on rows within your table. So, for your case, your filter would be based on the condition "country={country}". This way, users will only see rows/data to countries they have permissions/access to, even though all the data is in the same table.

Below is a link to a blog about Row-Level Filtering (amongst other Ranger capabilities) that uses an example to filter by country (similar to what you want to do):

https://hortonworks.com/blog/eyes-dynamic-column-masking-row-level-filtering-hdp2-5/

For details on how to setup row-level filtering take a look here:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/ranger_row_level_filter...

As always, if you find our responses helpful, don't forget to "accept" answer.

Highlighted

Re: How to set user authorization at parition level on Hive table

New Contributor

My hive table is with 2 partitions, Country and YearMonth. I want to set authorization at 1st partition, so that user can access/query only to their country data.

Apache Ranger is not installed. How to proceed with and without Apache Ranger?

Highlighted

Re: How to set user authorization at parition level on Hive table

Which version of HDP are you using?

Don't have an account?
Coming from Hortonworks? Activate your account here