I am trying to protect Hive Database using Apache Ranger Hive Plugin. Below is what I have done:
What is missing here ?
Can you try enabling debug more for ranger as mentioned below -
change -> <priority value="info" />
To -> <priority value="debug" />
Restart ranger service.
Try test connection and please check xa_portal.log and hive server logs for any error.
Can you paste logs here.
I know this is a Hive plugin related question, but you might want to see : https://community.hortonworks.com/questions/31148/i-am-creating-a-policy-in-ranger-which-blocks-a-us...
How about if you try the same operation through hive cli/ beeline?
1. What is the value set for Hive impersonation (hive.server2.enable.doAs) ? I believe only true would enforce policies for end users.
2. Is the respective table / db file accessible from Hive Cli as well ? Note that Ranger Hive plugin only applies to Hiveserver2. Hive CLI should be protected using permissions at the HDFS folder/file level using Ranger or HDFS ACLs.
Hi, I am using zeppelin to run hive queries. (Ranger is enabled)
With or without user impersonation, when I try running the queries I get the below error:
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [anonymous] does not have [USE] privilege on [null]
This works fine when in default user I put some username. This also works fine for the user if using Hive CLI.
Can anyone please help?