Created 06-04-2018 11:13 AM
I enabled the Ranger Hive plugin through the Ambari UI.
I can use beeline to verify the Ranger policies, but when I use the Hive editor in Hue, I cannot access any Hive metadata, because Hue does not have a valid session. Could anyone help with this?
Here is the configuration that was changed:
<property>
  <name>hive.security.authorization.enabled</name>
  <value>true</value>
</property>
<property>
  <name>hive.security.authorization.manager</name>
  <value>org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory</value>
</property>
<property>
  <name>hive.security.authenticator.manager</name>
  <value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
</property>
<property>
  <name>hive.conf.restricted.list</name>
  <value>hive.security.authorization.enabled,hive.security.authorization.manager,hive.security.authenticator.manager</value>
</property>
And here is the log from hiveserver2:
2018-06-04 17:13:15,607 WARN [HiveServer2-Handler-Pool: Thread-60]: thrift.ThriftCLIService (ThriftCLIService.java:GetSchemas(535)) - Error getting schemas:
org.apache.hive.service.cli.HiveSQLException: Invalid SessionHandle: SessionHandle [9208ca9c-875a-4d46-889b-e0865ef5289a]
    at org.apache.hive.service.cli.session.SessionManager.getSession(SessionManager.java:318)
    at org.apache.hive.service.cli.CLIService.getSchemas(CLIService.java:314)
    at org.apache.hive.service.cli.thrift.ThriftCLIService.GetSchemas(ThriftCLIService.java:530)
    at org.apache.hive.service.cli.thrift.TCLIService$Processor$GetSchemas.getResult(TCLIService.java:1377)
    at org.apache.hive.service.cli.thrift.TCLIService$Processor$GetSchemas.getResult(TCLIService.java:1362)
    at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
    at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
    at org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:56)
    at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:285)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Created 06-04-2018 02:17 PM
Go to the Ranger UI using the admin account. Then select the Audit tab and search for the denials caused by Hue. Check which user account is trying to get access.
Created 06-05-2018 03:14 AM
Sorry, I forgot to mention that the audit log can only catch the event from the beeline connection, but not the Hue connection event.