Hi Wilfried,   I'm sorry to ask again, but i'm facing the same problem and I don't understand how to configure Dynamic Ressource Pool Configuration to work using orginal user groups (me not hive). I'm using CDH 5.13 with Kerberos and Sentry. As I am using Sentry, impersonation is disabled. My configuration is  root |--A |--B On root, submission ACL are set to allow only "sentry" user to submit in this pool On A, submission ACL are set to allow only group A to submit in this pool On B, submission ACL are set to allow only group B to submit in this pool Placement rules are : 1 - "Use the pool Specified at run time, only if the pool exists." 2 - "Use the pool root.[username] and create the pool if it does not exist. "   When I submit a query with a user from the group A, using Hue and setting "set mapred.job.queue.name=A;" I got the error : "User hive cannot submit applications to queue root.A"   If I add hive to allowed user on root, the query is working fine but both A and B user's can submit query If I add hive to only "A" resource pool, then user from A and B group can submit query to ressource pool A, but none can submit to resource pool B   Maybe I am missing an important part, but I don't have the same behavior as you explained and if I add hive in authorized user it will break the ACL's as every user could use all the resource pool.   Can you give us the good configuration to have the same behavior as your's ?  ... View more