We have a cluster on Azure with ADLS as a storage layer. I have updated core-site.xml with the keys so that I can access ADLS from hdfs cli. However, when I try to create an external table on hive using beeline from a csv file that is there on ADLS folder, I see a permission error which indicates that the end user doesn't have permission to read that csv file. I also checked to make sure hive impersonation is set to true that means it would be the hive user which needs to have access to the file but not the end user. But in this case, I am not sure why i see an error message about the end user not having permissions to read that file on ADLS. Can some shed some light on this and point me in the right direction? We have the cluster running with HDP 2.6.4 on Azure. Here is the SQL that i am using to create an external table ( i connected to hive via beeline as user 'ravi' ) CREATE EXTERNAL TABLE IF NOT EXISTS Cars( Name STRING, Miles_per_Gallon INT, Cylinders INT, Displacement INT, Horsepower INT, Weight_in_lbs INT, Acceleration DECIMAL, Year DATE, Origin CHAR(1)) COMMENT 'Data about cars from a public database' ROW FORMAT DELIMITED FIELDS TERMINATED BY ',' STORED AS TEXTFILE location 'adl://hdpadls.azuredatalakestore.net/folder1'; Error Message: Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [ravi] does not have [ALL] privilege on [adl://hdpadls.azuredatalakestore.net/folder1] (state=42000,code=40000) ... View more

What is the best approach for multi-tenancy from authorization point of view under the following scenario Within the same company, there are 3 different groups which are not allowed to see each other's data that is stored in multiple folders under the same ADLS storage account. I know we can use Ranger to control Hive external tables access but what about access to files on ADLS? and also if they are trying to run spark workloads accessing the data directly from ADLS, what kind of authorization we can apply on HDP? ... View more

As per the following link, it is nice to see Ranger version 0.7.0 is supported with HDI 3.6. However, I would like to know if all of the ranger functionality/features supported with the latest HDI regardless of the underline storage selected for the cluster? Can someone list out any Ranger limitations that we may run into if we choose to have HDI 3.6 with VHDs/WASB/ADLS? https://docs.microsoft.com/en-us/azure/hdinsight/hdinsight-component-versioning ... View more

Our customer would like to disable all the WebUIs on their HDP 2.4.3 cluster. Is there any way I can shutdown/disable the following WebUIs with out impacting any other services? http://<namenode>:50070/dfshealth.html#tab-overview http://<namenode>:50070/explorer.html#/ http://<namenode>:50070/logs/ http://<datanode>:19888/jobhistory http://<datanode>:19888/logs/ http://<datanode.:19888/jmx http://<hbasemaster>:16010/master-status http://<sparkhistory>:18080/ I already set hadoop.http.authentication.simple.anonymous.allowed to false, but it has no impact to the above URLs. ... View more