Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

What is the best way to implement row-based security in Hive?

avatar
New Contributor
 
1 ACCEPTED SOLUTION

avatar
Rising Star
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
9 REPLIES 9

avatar

I believe this would currently be through Hive views

avatar

Row based security can be achieved through SQL Standard Based Hive Authorization.You can create a view with the filter from the original table and then GRANT permissions to role or individual user.

avatar
Rising Star

We would recommend customers to use Ranger with Hive, rather than SQL std authorization. The solution recommend by JP would work

avatar

Just furthering adding to what Deepesh and Ali said - Create Hive views that would filter out rows and then use Ranger to grant that user access to that View (and not the underlying table).

avatar
Rising Star
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
Rising Star

Though views are not a scalable model, this would be the best recommended solution till the time we have support for inserting predicate or filtering row through UDF in Hive.

avatar
Master Mentor

@Ronald McCollam

Hive view and if we look into other technology stacks then Row level security is based on views.

avatar

I know... I'm the FIFTH person to say create a View and secure permissions on it, and the backing table, appropriately. 😉

That said, I've got a simple little demo posted at https://github.com/HortonworksUniversity/Essentials/blob/master/demos/ranger/README.md along with a video recording of it linked there in case anyone might find that useful.

avatar
Rising Star

Ranger now supports row filtering where you can specify a condition to filter the results by even without creating a new hive view.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ranger_row_level_filter...