I am trying to create readonly user in ambari. I created a group provide the permission as cluster user but when i try to create folder or create or drop table in hive it is executing it and operations are performed. In one of the blog i read we should install ambari-server in remote server and register cluster as remote cluster and set hive views but still i have the same problem. Kindly help to resolve this
In Ambari 2.2 and earlier, the only roles available were Operator and Read-only.
But later in order to enhance the granularity of permissions that can be granted to Ambari users, there are many new, cluster-level roles are added: https://docs.hortonworks.com/HDPDocuments/Ambari-188.8.131.52/bk_ambari-administration/content/cluster_ro...
You can create a "Cluster User" from ambari UI.
Ambari UI --> admin (drop down) --> Manage Ambari --> Users / Roles
Cluster User : Users assigned to the Cluster User role can view information about the cluster and its services, including configurations, service status, and health alerts. In Ambari 2.2 and earlier, this user was referred to as the Read-only user. Effectively, the cluster user is a view-only user.
Regarding your query : When you are using a "cluster user" and try to create folder or create or drop table in hive it is executing it and operations are performed.
The Ambari Roles are permissions are applicable only for managing/accessing Ambari resources. These roles are not specific to the ACL of Hive / Hadoop.
If you want your Ambari ReadOnly user to now be able to insert any record inside the Hive Table then in that case you should refer to Ranger Hive Policies. https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.3/bk_security/content/ranger_resource_based_s...