Sorry, I missed one thing -- you need to backport:
HIVE-20344: PrivilegeSynchronizer for SBA might hit AccessControlException
(Daniel Dai, reviewed by Vaibhav Gumashta)

--- Sungwoo

On Wed, Sep 22, 2021 at 12:24 AM Sungwoo Park <glap...@gmail.com> wrote:

> Actually we can run Hive 3.1.2 with Ranger!
>
> To run Hive 3.1.2 with Ranger 2.0.0, you could set:
>
> hive.security.authorization.enabled=true
>
> hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
>
> hive.security.authorization.manager=org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
>
> hive.privilege.synchronizer=true
>
> For Ranger 2.0.0, RangerHiveAuthorizerBase.getHivePolicyProvider() returns
> null, so it is okay to set hive.privilege.synchronizer to true, and you
> don't have to set up ZooKeeper.
>
> To run Hive 3.1.2 with Ranger 2.1.0 but without ZooKeeper, you need to set
> hive.privilege.synchronizer to false because
> RangerHiveAuthorizer.getHivePolicyProvider() returns
> RangerHivePolicyProvider. If hive.privilege.synchronizer is set to true,
> ZooKeeper should be running.
>
> So, with Ranger 2.0.0 or 2.1.0, you can run Hive 3.1.2 without ZooKeeper.
> (Of course, you can run it with ZooKeeper, too.) It may take a while (like
> a few seconds) for a new Ranger policy to be delivered to HiveServer2, but
> this does not seem like an issue in practice.
>
> --- Sungwoo
>
> On Tue, Sep 21, 2021 at 6:50 PM Antoine DUBOIS <antoine.dub...@cc.in2p3.fr>
> wrote:
>
>> Yes I can.
>> You cannot use Ranger without having to configure an instance of
>> zookeeper to run for unclear reasons.
>>
>> public void startPrivilegeSynchonizer(HiveConf hiveConf) throws Exception {
>>
>>   PolicyProviderContainer policyContainer = new PolicyProviderContainer();
>>   HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();
>>   if (authorizer.getHivePolicyProvider() != null) {
>>     policyContainer.addAuthorizer(authorizer);
>>   }
>>   if (hiveConf.get(MetastoreConf.ConfVars.PRE_EVENT_LISTENERS.getVarname()) != null &&
>>       hiveConf.get(MetastoreConf.ConfVars.PRE_EVENT_LISTENERS.getVarname()).contains(
>>           "org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener") &&
>>       hiveConf.get(MetastoreConf.ConfVars.HIVE_AUTHORIZATION_MANAGER.getVarname()) != null) {
>>     List<HiveMetastoreAuthorizationProvider> providers =
>>         HiveUtils.getMetaStoreAuthorizeProviderManagers(
>>             hiveConf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER,
>>             SessionState.get().getAuthenticator());
>>     for (HiveMetastoreAuthorizationProvider provider : providers) {
>>       if (provider.getHivePolicyProvider() != null) {
>>         policyContainer.addAuthorizationProvider(provider);
>>       }
>>     }
>>   }
>> [...]
>>
>> if (policyContainer.size() > 0) {
>>   zKClientForPrivSync = startZookeeperClient(hiveConf);
>>   String rootNamespace = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_ZOOKEEPER_NAMESPACE);
>>
>>
>> So as long as you are using ranger you must use zookeeper and
>> configuration in this case is unclear.
>> I never managed to make it work properly.
>> It seems like version 3.1.2 is no longer developed or supported and only
>> 2.x is still under development.
>> Looks like cloudera buying HDP makes development less active in the end...
>>
>> ------------------------------
>> *From: *"Battula, Brahma Reddy" <bbatt...@visa.com>
>> *To: *user@hive.apache.org
>> *Sent: *Friday 17 September 2021 21:15:51
>> *Subject: *Re: Future release of hive
>>
>>
>>
>> Can you please give more details on issues which you faced with
>> hive-3.1.2 and ranger-2.1.0..?
>>
>>
>>
>>
>>
>> *From: *Antoine DUBOIS <antoine.dub...@cc.in2p3.fr>
>> *Date: *Tuesday, 14 September 2021 at 6:20 PM
>> *To: *user@hive.apache.org <user@hive.apache.org>
>> *Subject: *Future release of hive
>>
>> Hello
>>
>> After trying to use hive 3.1.2 for several weeks with ranger, I stop.
>> It seems way too complicated and tedious.
>>
>> I wonder when or even if there will be any more releases in the 3.0 branch.
>>
>> I wonder if Hive 3.0 was just an experience as it seems maintenance is
>> not really there.
>> Is there any plan for Hive 4.0 or should I use Hive 2.8 knowing I'm using
>> Hadoop 3 ?
>> Any insight on hive release cycle would be awesome.
>>
>>
>>
>> I hope you have a nice day.
>>
>>
>>
>> Antoine DUBOIS
>>
>>
>>
>>
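
The rule from Sungwoo Park's reply above (Ranger 2.0.0 vs 2.1.0, hive.privilege.synchronizer and ZooKeeper), as an added example that is not part of the original thread and is not Hive or Ranger code: a Python check over hive-site.xml. The sample file is constructed; treating an unset hive.privilege.synchronizer as true and using hive.zookeeper.quorum as the setting the ZooKeeper client needs are assumptions, and only the HiveServer2 authorizer branch of the quoted Java is modelled.

```python
import xml.etree.ElementTree as ET

RANGER_FACTORY = ("org.apache.ranger.authorization.hive.authorizer."
                  "RangerHiveAuthorizerFactory")

# Constructed sample: Ranger authorizer, synchronizer on, no ZooKeeper quorum.
SAMPLE = """<configuration>
  <property><name>hive.security.authorization.enabled</name><value>true</value></property>
  <property><name>hive.security.authorization.manager</name>
    <value>org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory</value></property>
  <property><name>hive.privilege.synchronizer</name><value>true</value></property>
</configuration>"""

def load_props(xml_text):
    """Parse hive-site.xml text into {name: value}."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def needs_zookeeper(props, ranger_has_policy_provider):
    """True when the privilege synchronizer would start a ZooKeeper client.

    ranger_has_policy_provider: per the thread, False for Ranger 2.0.0
    (getHivePolicyProvider() returns null) and True for Ranger 2.1.0.
    """
    # Assumption: an unset hive.privilege.synchronizer is treated as true.
    sync_on = props.get("hive.privilege.synchronizer", "true").lower() == "true"
    uses_ranger = props.get("hive.security.authorization.manager") == RANGER_FACTORY
    return sync_on and uses_ranger and ranger_has_policy_provider

def check(xml_text, ranger_has_policy_provider):
    """Return a list of findings for this HiveServer2 configuration."""
    props = load_props(xml_text)
    findings = []
    if props.get("hive.security.authorization.enabled", "").lower() != "true":
        findings.append("hive.security.authorization.enabled is not true")
    # Assumption: hive.zookeeper.quorum is what the ZooKeeper client needs.
    if needs_zookeeper(props, ranger_has_policy_provider) \
            and not props.get("hive.zookeeper.quorum"):
        findings.append("synchronizer needs ZooKeeper but hive.zookeeper.quorum "
                        "is unset; set hive.privilege.synchronizer=false or "
                        "configure ZooKeeper")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE, ranger_has_policy_provider=True):
        print("FINDING:", finding)
```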
