Member since
04-01-2021
2
Posts
0
Kudos Received
0
Solutions
04-07-2021
06:29 AM
@Shelton Excuse for the delayed response. I have attached the screenshot of the policy in ranger. hivedev policies Test policy -1 Test policy - 2 So according to policy, 'shaz' should have access 'qubz' database and 'edward' should not have access to the 'qubz' database. Beeline: edward@dev-2:~$ beeline SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/usr/hdp/apache-hive-3.1.0-bin/lib/log4j-slf4j-impl-2.10.0.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/usr/hdp/hadoop-3.1.0/share/hadoop/common/lib/slf4j-log4j12-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory] Beeline version 3.1.0 by Apache Hive beeline> !connect jdbc:hive2://dev-2:10000/; Connecting to jdbc:hive2://dev-2:10000/; Enter username for jdbc:hive2://dev-2:10000/: edward Enter password for jdbc:hive2://dev-2:10000/: Connected to: Apache Hive (version 3.1.0) Driver: Hive JDBC (version 3.1.0) Transaction isolation: TRANSACTION_REPEATABLE_READ 0: jdbc:hive2://dev-2:10000/> show databases; INFO : Compiling command(queryId=root_20210407130935_a28fc25d-2398-4e61-a205-f24e3ba937f1): show databases INFO : Concurrency mode is disabled, not creating a lock manager INFO : Semantic Analysis Completed (retrial = false) INFO : Returning Hive schema: Schema(fieldSchemas:[FieldSchema(name:database_name, type:string, comment:from deserializer)], properties:null) INFO : Completed compiling command(queryId=root_20210407130935_a28fc25d-2398-4e61-a205-f24e3ba937f1); Time taken: 0.01 seconds INFO : Concurrency mode is disabled, not creating a lock manager INFO : Executing command(queryId=root_20210407130935_a28fc25d-2398-4e61-a205-f24e3ba937f1): show databases INFO : Starting task [Stage-0:DDL] in serial mode INFO : Completed executing command(queryId=root_20210407130935_a28fc25d-2398-4e61-a205-f24e3ba937f1); Time taken: 0.015 seconds INFO : OK INFO : Concurrency mode is disabled, not creating a lock manager +----------------+ | database_name | +----------------+ | default | | kylin | | mytesting | | qubz | +----------------+ 4 rows selected (0.115 seconds) 0: jdbc:hive2://dev-2:10000/> show tables from qubz; INFO : Compiling command(queryId=root_20210407131007_896cb7af-5452-4b5e-bd6c-1393c25e1bd7): show tables from qubz INFO : Concurrency mode is disabled, not creating a lock manager INFO : Semantic Analysis Completed (retrial = false) INFO : Returning Hive schema: Schema(fieldSchemas:[FieldSchema(name:tab_name, type:string, comment:from deserializer)], properties:null) INFO : Completed compiling command(queryId=root_20210407131007_896cb7af-5452-4b5e-bd6c-1393c25e1bd7); Time taken: 0.016 seconds INFO : Concurrency mode is disabled, not creating a lock manager INFO : Executing command(queryId=root_20210407131007_896cb7af-5452-4b5e-bd6c-1393c25e1bd7): show tables from qubz INFO : Starting task [Stage-0:DDL] in serial mode INFO : Completed executing command(queryId=root_20210407131007_896cb7af-5452-4b5e-bd6c-1393c25e1bd7); Time taken: 0.013 seconds INFO : OK INFO : Concurrency mode is disabled, not creating a lock manager +-----------+ | tab_name | +-----------+ +-----------+ No rows selected (0.043 seconds) But, edward was able to see 'qubz' db ( to which he was restricted access, In old Ranger, DB will not be even visible - Is this expected here? ) but no tables visible, whereas 'shaz' user was able to view the DB as well as tables as expected.
... View more