I have a Kerberized HDP cluster with Spark, Hive, Livy, Zeppelin and Ranger.
When I'm querying hive using JDBC(hive) interpreter, my policies are enforced as expected. In my case, the user gets rejected when trying to list tables in db.
When I use the same query by using livy.sql interpreter, it gets executed and can see all tables, even though my policy is saying I can't...
What am I missing?
In Ranger Audit I can only see one entry related to that, which is yarn queue that was allowed.
When I change interpreter to isolated (from scoped) I get:
org.apache.zeppelin.interpreter.InterpreterException: Host key verification failed.
@Jakub Igla: You can check the logs for Livy might give you more info on why you are getting this error. I happen to know that livy is ssh'ing in as your user and that is some how causing this error. (the error you are getting is an ssh error and livy uses ssh so... this is how I know this issue is an ssh issue.)
Maybe the user you are using isn't present on the node livy is using.
It's my fault i didn't realize you where not using LLAP which does correctly honor ranger policies. I should have caught that.
See the following:
also you need this parameter which for some reason isn't in the above guides: