Cloudera Community
jiri_novak
user rank
New Contributor

Re: Hive UDFs restrictions in Ranger

by New Contributor in Support Questions
‎09-04-2017 10:20 AM
‎09-04-2017 10:20 AM
Ok, thank you. ... View more

Re: Hive UDFs restrictions in Ranger

by New Contributor in Support Questions
‎08-28-2017 12:13 PM
‎08-28-2017 12:13 PM
Ranger is 0.7.0, Hive is 1.2.1000. The RANGER-1631 issue is probably not related, as my problem is with evaluating the function name, not the database name, and it occurs when running the function, not when creating it. I tried one more test: I created an allow policy for select permission for the user with database=* and one particular UDF, and disabled all other policies for the user. When this policy was disabled, the user could not run any UDFs. When this policy was enabled, the user could run all UDFs, not just the one given in the policy. ... View more

Hive UDFs restrictions in Ranger

by New Contributor in Support Questions
‎08-25-2017 01:13 PM
‎08-25-2017 01:13 PM
Hi, is it possible to restrict access to certain UDF (custom or built-in) in Ranger? I have set the enableDenyAndExceptionsInPolicies option to true. Then I created new access policy to deny a particular user access to all UDFs (* as database, * as udf, user in deny condition, all permissions selected). This worked ok and the user was denied when tried to run a select with a function. But when I put a particular function to the UDF field, the user was able to run the function. I tried it with a built-in function (unix_timestamp) as well as with a custom created function, and the result was the same. What can be wrong or what else do I have to set up? Thanks. ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎04-27-2018 10:11 AM
Community Statistics
Member Since ‎08-24-2017 11:25 AM
Last Visited ‎04-27-2018 10:11 AM
Posts 3