Hi Eric , Thanks for the reply, (1) In the resource pool, submission access control is set by "groupname", so when user from the group submitting a job through HUE, the Yarn is showing me the username as "hive" whom submitted the job, only upon the job is completed I could view who was the one submitted the job. Also if its a Spark job or Other huge jobs im unable to alert the user, before killing the job, which is very tough to monitor. So how to clearly see who submitted the Job?. when its showing hive everywhere.   (2) Hive databases is stored in /user/hive/warehouse/db*, but yet, users are creating tables as *external table* in thier own HDFS path /Project/Alpha/Table/..and in that path users are devided by *dev*sit*prd and etc. Besides just external tables, other files also stored at the same path, so are you suggesting me to leave the setting as hive:hive everywhere and let the "sentry role" to define who access what.?.. Regards, Sona ... View more

But this problem makes things tougher frm the admins perspective, jobs submitted from Hue is running as Hive user on Yarn.. Also most of the users will be creating external tables for thier work n store it at thier respective hdfs path, so setting the path ownership as user:usergrp is prohibitting the "disabled impersonated" hive user from hue,, to unable to write at the mentioned path.... So everytime have to set acl for everyone?.. and every sub directory ownership will change?.. What if the user if running on beeline?.. so still change the path ownership to hive:hive?.. ... View more