Support Questions
Find answers, ask questions, and share your expertise

Zeppelin user impersonation for Hive?

Solved Go to solution

Zeppelin user impersonation for Hive?

Super Guru

Is there any capabilities to hive zeppelin notebook run hive query based on user id on zeppelin session? right know the jdbc interrupter needs username and password for hive. That means all users will run as user defined in interpreter settings. I can't have this due to security issues, ie having all users access hive tables via single user id. I have ranger enabled to provide security based on user id. Livy is for spark so that is unusable for hive. any insights?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Zeppelin user impersonation for Hive?

Super Guru

I found how to do it








Identity Propagation with JDBC (Hive)


1.Enable
Authentication via Shiro
Config


–zeppelin.jdbc.auth.type
= KERBEROS


–zeppelin.jdbc.principal
=
principal value


–zeppelin.jdbc.keytab.location
=
keytab
location


•JDBC
Interpreter will add end-user as 

jdbc:hive2://HiveHost:10000/default;principal=hive/_HOST@MY-REALM.COM;hive.server2.proxy.user=<$USER_NAME>


View solution in original post

3 REPLIES 3

Re: Zeppelin user impersonation for Hive?

Super Guru

I found how to do it








Identity Propagation with JDBC (Hive)


1.Enable
Authentication via Shiro
Config


–zeppelin.jdbc.auth.type
= KERBEROS


–zeppelin.jdbc.principal
=
principal value


–zeppelin.jdbc.keytab.location
=
keytab
location


•JDBC
Interpreter will add end-user as 

jdbc:hive2://HiveHost:10000/default;principal=hive/_HOST@MY-REALM.COM;hive.server2.proxy.user=<$USER_NAME>


View solution in original post

Re: Zeppelin user impersonation for Hive?

@Sunile Manjee

Can you clearly state what you entered for zeppelin.jdbc.principal? Is this the Hive Principal or the Zeppelin Principal with Key tab. Also what exactly is in the URL for the JDBC Interpreter? Just:

jdbc:hive2://HiveHost:10000/default;principal=hive/_HOST@MY-REALM.COM

Finally, did you have to copy the Hive JDBC Jars or create softlinks to Zeppelin

/usr/hdp/current/zeppelin-server/interpreter/jdbc

Re: Zeppelin user impersonation for Hive?

Super Guru