Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Ranger Dynamic query rewrite available for hive?

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎11-14-2016 09:12 PM

Is dynamic query rewrite avialable for hive as it is In HDP 2.5 dynamic query rewrite via Ranger for SparkSQL?

1,720 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank azeltov
Guru

Created on ‎11-15-2016 03:56 PM - edited ‎08-18-2019 03:22 AM

@Sunile Manjee Answer is Yes. In HDP 2.5 Spark Column Security is available with LLAP and Ranger integration

You get Fine-Grained Column Level Access Control for SparkSQL. Fully dynamic policies per user. Doesn’t require views. Use Standard Ranger policies and tools to control access and masking policies.

Flow:

1.SparkSQL gets data locations known as “splits” from HiveServer and plans query.

2.HiveServer2 authorizes access using Ranger. Per-user policies like row filtering are applied.

3.Spark gets a modified query plan based on dynamic security policy.

4.Spark reads data from LLAP. Filtering / masking guaranteed by LLAP server.

9450-screen-shot-2016-11-15-at-105644-am.png

9449-screen-shot-2016-11-15-at-105545-am.png

View solution in original post

1,491 Views
0 Kudos
0
2 REPLIES 2

avatar
author-rank slachterman
Guru

Created ‎11-15-2016 12:37 AM

Ranger supports row-level filtering for Hive in 2.5, and accomplishes this by dynamically rewriting the query. I believe LLAP is a dependency for row-level filtering in SparkSQL.

1,491 Views

avatar
author-rank azeltov
Guru

Created on ‎11-15-2016 03:56 PM - edited ‎08-18-2019 03:22 AM

@Sunile Manjee Answer is Yes. In HDP 2.5 Spark Column Security is available with LLAP and Ranger integration

You get Fine-Grained Column Level Access Control for SparkSQL. Fully dynamic policies per user. Doesn’t require views. Use Standard Ranger policies and tools to control access and masking policies.

Flow:

1.SparkSQL gets data locations known as “splits” from HiveServer and plans query.

2.HiveServer2 authorizes access using Ranger. Per-user policies like row filtering are applied.

3.Spark gets a modified query plan based on dynamic security policy.

4.Spark reads data from LLAP. Filtering / masking guaranteed by LLAP server.

9450-screen-shot-2016-11-15-at-105644-am.png

9449-screen-shot-2016-11-15-at-105545-am.png

1,492 Views
0 Kudos
0
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements