Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger Policies for Groups not applied for Hive

Ranger Policies for Groups not applied for Hive

New Contributor

I am trying to perform Hadoop Group Mapping without SSSD/Centrify, but through the core-site.xml configuration.

Ranger UserSync is successfully adding all the users with groups to Ranger, and when I run:

hdfs groups <username>

, the corresponding group matches the groups in both Ranger and AD (the case is also matched). But when I try to run the Hive query with the user that has the group policy for accessing the database, I am getting Permission denied error.

What might be the cause of this behavior? According to the documentation, this should work without the SSSD/Centrify, but only through core-site.xml configuration. Any experiences on how to fix this without going to the OS level AD sync with SSSD/Centrify?

P.S. When group policy is defined in Ranger for HDFS access, it works, and for Hive it's not applied.