You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ranger.apache.org by 林家銘 <ro...@gmail.com> on 2015/05/19 07:03:10 UTC

Ranger Hiveserver2 authorization problems

Hi

I am using the beeline and Ranger in HDP2.2 sandbox.

My scenario is
Firstly, I create a user "user1" in Ranger and join the user to a
group says "users", which should be an unix group.

Secondly, I disable all the policies and create one by myself, which
is set to grant all privileges of database "xademo" to the group
"users".

Thirdly, I connect to Hiveserver2 by using beeline command as following
!connect jdbc:hive2://sandbox_host:10000 user1 1qaz2wsx
org.apache.hive.jdbc.HiveDriver

Then, I execute the command "use xademo;" on beeline, but it says
permission denied.
Error: Error while compiling statement: FAILED:
HiveAccessControlException Permission denied: user [user1] does not
have [USE] privilege on [xademo(state=42000,code=40000)

I think the problem is, hive impersonate as "user1", and the hadoop
security library "UserGroupInfomation" doesn't know the groups "user1"
have joined, so I always saw the debug log says the groups of user1
can't be found.

Then what's the best practice of this integration(Ranger with Hiveserver2)?