Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Job user name issue

avatar
author-rank antonyshajin
Contributor

Created ‎06-10-2016 10:16 AM

We have a 6 node Kerberized cluster(HDP 2.4.2). We are using Hive View for querying hive tables. when we executed queries, the jobs were submitted with logged in user name. However after I installed Ranger, the jobs are being submitted as user hive.

Are we missing any setup?

Thanks in advance.

947 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank aanghel author-rank
Super Collaborator

Created ‎06-10-2016 10:44 AM

Hi Antony,

By default, impersonation is enabled (hive.server2.enable.doAs is set to true) so the job appears to be running as the user submitting it.

However, when Ranger is enabled, this is turned off so the queries are submitted as the system user that the HiveServer2 process is running under (which is hive).

You can use either setting depending on how your users access the data.

If only HiveServer2 is used to access the data and all tables are managed by hive, then you can leave the impersonation turned off.

However if the hive data is being accessed and written from other tools (such as Pig or MR jobs), then you can turn the impersonation back on and also use Ranger to configure the correct HDFS permissions.

More about this and the best practice for each use case: http://hortonworks.com/blog/best-practices-for-hive-authorization-using-apache-ranger-in-hdp-2-2/

Regards,

Alex

View solution in original post

825 Views
0 Kudos
2 REPLIES 2

avatar
author-rank aanghel author-rank
Super Collaborator

Created ‎06-10-2016 10:44 AM

Hi Antony,

By default, impersonation is enabled (hive.server2.enable.doAs is set to true) so the job appears to be running as the user submitting it.

However, when Ranger is enabled, this is turned off so the queries are submitted as the system user that the HiveServer2 process is running under (which is hive).

You can use either setting depending on how your users access the data.

If only HiveServer2 is used to access the data and all tables are managed by hive, then you can leave the impersonation turned off.

However if the hive data is being accessed and written from other tools (such as Pig or MR jobs), then you can turn the impersonation back on and also use Ranger to configure the correct HDFS permissions.

More about this and the best practice for each use case: http://hortonworks.com/blog/best-practices-for-hive-authorization-using-apache-ranger-in-hdp-2-2/

Regards,

Alex

826 Views
0 Kudos

avatar
author-rank antonyshajin
Contributor

Created ‎06-10-2016 12:18 PM

Thanks Alex

825 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements