to connect beeline, the following steps work
1. kinit as user hr1
2. beeline connect URL
Then it asks for user name, password - for which just press enter
Once we are in, which user is it
1) is it hr1
2) is it hive user on behalf of hr1
3) it is hive user
whose permissions will work?
can someone please explain the token delegation that happens here. Also is it the right way to connect using beeline.
The user that has the kerberos ticket will be the authenticated user
you can confirm
kinit as hr1
then klist to check
beeline -u ' jdbc:hive2://localhost:10000/default;principal=hive/securityLab02@XXX.local'
all actions will be of the authenticated user via kerberos
please see this article
However I noticed while doing a HIVE command - the permissions of hive service principal is taking precedence over the authenticated user
load data inpath '/tmp/sample_07.csv' into table sample_07;