You created user user1 in Ranger manually. The Usersync process can be turned
on to automatically sync Unix users and groups and users' group memberships.

If you want to create these manually, then you should manually create the
"users" group and specify "user1" to be a part of it, and then
authorization should succeed.




“There are only two kinds of languages: the ones people complain about and
the ones nobody uses” ― Bjarne Stroustrup.





On 5/18/15, 10:03 PM, "林家銘" <[email protected]> wrote:

>Hi
>
>I am using the beeline and Ranger in HDP2.2 sandbox.
>
>My scenario is
>Firstly, I create a user "user1" in Ranger and join the user to a
>group, say "users", which should be a Unix group.
>
>Secondly, I disable all the policies and create one by myself, which
>is set to grant all privileges of database "xademo" to the group
>"users".
>
>Thirdly, I connect to Hiveserver2 by using the beeline command as follows:
>!connect jdbc:hive2://sandbox_host:10000 user1 1qaz2wsx
>org.apache.hive.jdbc.HiveDriver
>
>Then, I execute the command "use xademo;" on beeline, but it says
>permission denied.
>Error: Error while compiling statement: FAILED:
>HiveAccessControlException Permission denied: user [user1] does not
>have [USE] privilege on [xademo(state=42000,code=40000)
>
>I think the problem is, Hive impersonates "user1", and the Hadoop
>security library "UserGroupInformation" doesn't know the groups "user1"
>has joined, so I always saw the debug log say the groups of user1
>can't be found.
>
>Then what's the best practice for this integration (Ranger with
>Hiveserver2)?
