Created 07-25-2016 09:47 AM
I want to restrict the user "xxx" in group "yyy" to read-only permission on Hive data, so I did the below on the edge node of my PROD cluster:
hadoop fs -setfacl -R -m group:yyy:r-- /apps/hive/warehouse
hadoop fs -getfacl /apps/hive/warehouse
# file: /apps/hive/warehouse
# owner: hive
# group: hdfs
But when I log in as user "xxx" in Hive, I can easily create a database in /apps/hive/warehouse:
hive> create database testdb2;
OK
Time taken: 0.417 seconds
Can anyone solve this issue? How can I restrict the user xxx in group yyy from having any write access on the Hive database?
Hi @sankar rao ,
Did you ensure that user 'xxx' is just a member of group 'yyy' on the NAMENODE, and not also part of another group?
I'd also highly recommend using Ranger for that. If it is already enabled, what are the entries in the Ranger audit for exactly those steps you mentioned?
Thank you, Gerd. I do not see this user on the NameNode. This user 'xxx' is onboarded only on the EDGE node.
On the Edge node, user 'xxx' is a member of the group 'zzz' only.
HADOOP1-230-8:~ # id xxx
uid=25517(xxx) gid=100(users) groups=100(users),25501(zzz)
linux : /home
drwxr-xr-x 2 xxx hdfs 4.0K Jul 24 08:44 xxx
drwxr-xr-x - xxx cid 0 2016-07-24 08:30 /user/xxx
I have tried to restrict only the user (xxx):
hadoop fs -setfacl -m user:xxx:r-- /apps/hive/warehouse
It's working well, but I can't restrict the group.
Can you please tell me how I can solve this issue? I have 100+ users.
Please see this blog, in case it helps: https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization
I have already done this to restrict users, by creating roles and providing them the access we want to give.
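
The group question raised in this thread, as an added example that is not part of any poster's reply: a small Python model of the ACL check order in the HDFS Permissions Guide, showing why a group:yyy entry has no effect on a user the NameNode does not place in yyy, while a user:xxx entry does. The ACL values, including the world-writable `other` entry, are constructed assumptions, since the thread does not show the full getfacl output.

```python
# Model of the ACL check order in the HDFS Permissions Guide. The ACL values
# are constructed; the thread does not show the full getfacl output.

def perms(s):
    """Turn 'r-x' into {'r', 'x'}."""
    return {c for c in s if c != "-"}

def hdfs_access(acl, user, groups, want):
    """Return (granted, matched_entry); `groups` is what the NameNode resolves."""
    mask = perms(acl["mask"])
    if user == acl["owner"]:
        return want in perms(acl["owner_perm"]), "owner"
    if user in acl["named_users"]:  # named user entries are filtered by the mask
        return want in perms(acl["named_users"][user]) & mask, "user:" + user
    # Owning group plus every named group entry the user belongs to.
    entries = {acl["group"]: acl["group_perm"], **acl["named_groups"]}
    matched = [g for g in entries if g in groups]
    for g in matched:
        if want in perms(entries[g]) & mask:
            return True, "group:" + g
    if matched:  # a group entry matched but none grants: denied, 'other' is skipped
        return False, "group:" + matched[0]
    return want in perms(acl["other_perm"]), "other"

WAREHOUSE = {  # constructed ACL for /apps/hive/warehouse
    "owner": "hive", "owner_perm": "rwx",
    "group": "hdfs", "group_perm": "rwx",
    "named_users": {},
    "named_groups": {"yyy": "r--"},  # setfacl -m group:yyy:r--
    "mask": "rwx",
    "other_perm": "rwx",  # assumption: world-writable warehouse directory
}

def demo():
    seen = ["users", "zzz"]  # groups from `id xxx` in the thread
    with_user = dict(WAREHOUSE, named_users={"xxx": "r--"})  # setfacl -m user:xxx:r--
    return {
        "group ACL, xxx not in yyy": hdfs_access(WAREHOUSE, "xxx", seen, "w"),
        "group ACL, xxx in yyy": hdfs_access(WAREHOUSE, "xxx", ["users", "yyy"], "w"),
        "user ACL for xxx": hdfs_access(with_user, "xxx", seen, "w"),
    }

if __name__ == "__main__":
    for case, (granted, entry) in demo().items():
        print(f"{case:28} write {'granted' if granted else 'denied'} via {entry}")
```

In this model, a named group entry only affects users the NameNode maps to that group; everyone else is governed by the `other` bits.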