Hive admin user behavior

Tue, 31 Mar 2015 04:38:05 -0700 

Hi All,


When deploying hive, I have defined below configuration for hiveserver2 in 
configuration file "hive-site.xml":


<property>
    <name>hive.server2.enable.doAs</name>
    <value>true</value>
</property>
<property>
    <name>hive.users.in.admin.role</name>
    <value>hanish</value>
</property>

<property>
    <name>hive.security.authorization.manager</name>
    
<value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory</value>
</property>
<property>
    <name>hive.security.authorization.enabled</name>
    <value>true</value>
</property>
<property>
    <name>hive.security.authenticator.manager</name>
    
<value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>
</property>

<property>
        <name>hive.security.authorization.enabled</name>
                <value>true</value>
</property>


I have added "hanish" user to admin user list (Property- 
hive.users.in.admin.role ) so it should be able to fetch schema of all tables. 
But i am getting permission denied error.

I want one user to define as admin user who can fetch schema of all tables. If 
I give admin permissions or select permissions from ranger-UI to a user for 
databases=* and tables = * then its working fine and that user is able to fetch 
schema for all tables. But  as per hive configurations if user is defined as 
admin by mentioning " hive.users.in.admin.role?" then that user is not behaving 
as admin.

Please let me know the expected behavior.

Is Ranger overrides behavior of hive property " hive.users.in.admin.role?" ??




-------
Thanks & Regards,
Hanish Bansal
Software Engineer, iLabs
Impetus Infotech Pvt. Ltd.
(O) :  +91.120.4092200-2790
(M) : +91.9953399925

________________________________






NOTE: This message may contain information that is confidential, proprietary, 
privileged or otherwise protected by law. The message is intended solely for 
the named addressee. If received in error, please destroy and notify the 
sender. Any use of this email is prohibited when received in error. Impetus 
does not represent, warrant and/or guarantee, that the integrity of this 
communication has been maintained nor that the communication is free of errors, 
virus, interception or interference.

Reply via email to