Hi I am using the beeline and Ranger in HDP2.2 sandbox.
My scenario is Firstly, I create a user "user1" in Ranger and join the user to a group says "users", which should be an unix group. Secondly, I disable all the policies and create one by myself, which is set to grant all privileges of database "xademo" to the group "users". Thirdly, I connect to Hiveserver2 by using beeline command as following !connect jdbc:hive2://sandbox_host:10000 user1 1qaz2wsx org.apache.hive.jdbc.HiveDriver Then, I execute the command "use xademo;" on beeline, but it says permission denied. Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [user1] does not have [USE] privilege on [xademo(state=42000,code=40000) I think the problem is, hive impersonate as "user1", and the hadoop security library "UserGroupInfomation" doesn't know the groups "user1" have joined, so I always saw the debug log says the groups of user1 can't be found. Then what's the best practice of this integration(Ranger with Hiveserver2)?
