Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Spark and HIVE

Labels:
avatar
author-rank marcia_hon_29
Expert Contributor

Created ‎02-23-2017 04:07 PM

Do Spark and HIVE have the abilities to set permissions?

For example, only people of a certain role can view a certain table. Also, only people of a certain role can view this column.

2,455 Views
1 ACCEPTED SOLUTION

avatar
author-rank bwalter1
Guru

Created ‎02-23-2017 04:57 PM

For Hive one would use Apache Ranger for this. You can allow or deny access to tables, columns and even rows.

Now, what to do with Spark:

For the normal HiveContext Spark would read the Schema from Metastore and then read the the file directly from HDFS. So no Hive Ranger plugin would kick in.

However, with LLAP it will be possible, see e.g. https://hortonworks.com/blog/sparksql-ranger-llap-via-spark-thrift-server-bi-scenarios-provide-row-c... If you additionally disable HDFS access for "others" for Hive tables, data is access controlled

View solution in original post

1,882 Views
4 REPLIES 4

avatar
author-rank bwalter1
Guru

Created ‎02-23-2017 04:57 PM

For Hive one would use Apache Ranger for this. You can allow or deny access to tables, columns and even rows.

Now, what to do with Spark:

For the normal HiveContext Spark would read the Schema from Metastore and then read the the file directly from HDFS. So no Hive Ranger plugin would kick in.

However, with LLAP it will be possible, see e.g. https://hortonworks.com/blog/sparksql-ranger-llap-via-spark-thrift-server-bi-scenarios-provide-row-c... If you additionally disable HDFS access for "others" for Hive tables, data is access controlled

1,883 Views

avatar
author-rank marcia_hon_29
Expert Contributor

Created ‎02-23-2017 06:58 PM

If I create tables in SparkSQL, how to I enable fine-grained permissions for these tables?

Or is this only possible using HiveQL?

1,882 Views
0 Kudos

avatar
author-rank bwalter1
Guru

Created ‎02-24-2017 07:33 AM

Fine grained permissions (row level, column masking, ...) are created in Ranger for any Hive table - whether created by HiveQL or SparkQL

So if you create a new table in Hive via SparkSQL that should be used by others with access control, you need to create the appropriate policies afterwards in Ranger.

For less fine grained permissions (delete update, insert delete) you can also use the SQL commands of https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBa... with SparkSQL

1,882 Views
0 Kudos

avatar
author-rank marcia_hon_29
Expert Contributor

Created ‎02-24-2017 02:40 PM

How do I create Hive tables in Spark?

1,882 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements