[ 
https://issues.apache.org/jira/browse/RANGER-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17181488#comment-17181488
 ] 

Jie Zhang commented on RANGER-2943:
-----------------------------------

[~rmani], I put these two parameters you mentioned into hiveserver2-site.xml, 
and stopped/started hive-server2 on EMR, but I got the same issue. Could you 
help take a look at this please? Thanks.

This is my hiveserver2-site.xml

 
{code:java}
    <property>
        <name>hive.security.authorization.enabled</name>
        <value>true</value>
    </property>
    
    <property>
        <name>hive.security.authorization.manager</name>
        
<value>org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory</value>
    </property>
    
    <property>
        <name>hive.security.authenticator.manager</name>
        
<value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
    </property>    

    <property>
        <name>hive.security.metastore.authorization.manager</name>
        
<value>org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly</value>
    </property>
    
    <property>
        <name>hive.metastore.server.filter.enabled</name>
        <value>true</value>
    </property>
    
    <property>
        <name>hive.metastore.filter.hook</name>
        
<value>org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer</value>
    </property>
    
    <property>
        <name>hive.conf.restricted.list</name>         
<value>hive.security.authorization.enabled,hive.security.authorization.manager,hive.security.authenticator.manager,hive.security.metastore.authorization.manager,hive.metastore.server.filter.enabled,hive.metastore.filter.hook</value>
    </property>
{code}
 

> After enabling Ranger for Hive, the rules in hive-metastore are not enforced 
> anymore
> ------------------------------------------------------------------------------------
>
>                 Key: RANGER-2943
>                 URL: https://issues.apache.org/jira/browse/RANGER-2943
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.1.0
>            Reporter: Jie Zhang
>            Priority: Major
>
> h2. Before enabling Ranger on Hive:
> user jiezhang does not have access to table default.dim_customer_pii, so I 
> got access denied when I ran this query, this is expected.
> {code:java}
> select * from default.dim_customer_pii limit 5;
> {code}
> h2. After enabling Ranger on Hive:
> When I ran the query above, I got the actual results, this is NOT expected. 
> h2. In summary:
> After enabling Ranger on Hive, the rules in hive-metastore are not enforced 
> anymore. Is this by design? How can we still enforce rules in hive-metastore 
> while have Ranger installed (we are using Ranger auditing capability)? Thanks 
> for your help. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to