[
https://issues.apache.org/jira/browse/RANGER-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17181488#comment-17181488
]
Jie Zhang commented on RANGER-2943:
-----------------------------------
[~rmani], I put these two parameters you mentioned into hiveserver2-site.xml,
and stopped/started hive-server2 on EMR, but I got the same issue. Could you
help take a look at this please? Thanks.
This is my hiveserver2-site.xml
{code:java}
<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory</value>
</property>
<property>
<name>hive.security.authenticator.manager</name>
<value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
</property>
<property>
<name>hive.security.metastore.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly</value>
</property>
<property>
<name>hive.metastore.server.filter.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.metastore.filter.hook</name>
<value>org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer</value>
</property>
<property>
<name>hive.conf.restricted.list</name>
<value>hive.security.authorization.enabled,hive.security.authorization.manager,hive.security.authenticator.manager,hive.security.metastore.authorization.manager,hive.metastore.server.filter.enabled,hive.metastore.filter.hook</value>
</property>
{code}
> After enabling Ranger for Hive, the rules in hive-metastore are not enforced
> anymore
> ------------------------------------------------------------------------------------
>
> Key: RANGER-2943
> URL: https://issues.apache.org/jira/browse/RANGER-2943
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.1.0
> Reporter: Jie Zhang
> Priority: Major
>
> h2. Before enabling Ranger on Hive:
> user jiezhang does not have access to table default.dim_customer_pii, so I
> got access denied when I ran this query, this is expected.
> {code:java}
> select * from default.dim_customer_pii limit 5;
> {code}
> h2. After enabling Ranger on Hive:
> When I ran the query above, I got the actual results, this is NOT expected.
> h2. In summary:
> After enabling Ranger on Hive, the rules in hive-metastore are not enforced
> anymore. Is this by design? How can we still enforce rules in hive-metastore
> while have Ranger installed (we are using Ranger auditing capability)? Thanks
> for your help.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)