[
https://issues.apache.org/jira/browse/RANGER-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17181272#comment-17181272
]
Ramesh Mani commented on RANGER-2943:
-------------------------------------
[~jiezhang] Please refer to https://issues.apache.org/jira/browse/HIVE-21753
for Ranger Hive MetaStore authorization.
You need following params on the Hive MetaStore config.
hive.metastore.filter.hook=org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer
Also enable the following for Row filtering functionality via metastore clients.
hive.metastore.server.filter.enabled=true
> After enabling Ranger for Hive, the rules in hive-metastore are not enforced
> anymore
> ------------------------------------------------------------------------------------
>
> Key: RANGER-2943
> URL: https://issues.apache.org/jira/browse/RANGER-2943
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.1.0
> Reporter: Jie Zhang
> Priority: Major
>
> h2. Before enabling Ranger on Hive:
> user jiezhang does not have access to table default.dim_customer_pii, so I
> got access denied when I ran this query, this is expected.
> {code:java}
> select * from default.dim_customer_pii limit 5;
> {code}
> h2. After enabling Ranger on Hive:
> When I ran the query above, I got the actual results, this is NOT expected.
> h2. In summary:
> After enabling Ranger on Hive, the rules in hive-metastore are not enforced
> anymore. Is this by design? How can we still enforce rules in hive-metastore
> while have Ranger installed (we are using Ranger auditing capability)? Thanks
> for your help.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
