Help Center/ MapReduce Service/ Troubleshooting/ Using Ranger/ After Ranger Authentication Is Enabled for Hive, Unauthorized Tables and Databases Can Be Viewed on the Hue Page
Updated on 2023-01-11 GMT+08:00

After Ranger Authentication Is Enabled for Hive, Unauthorized Tables and Databases Can Be Viewed on the Hue Page

Issue

Although Ranger authentication is enabled for Hive, unauthorized tables and databases can be still viewed on the Hue page.

Symptom

In a normal cluster with Kerberos authentication disabled, after Ranger authentication is enabled for Hive, unauthorized tables and databases can be viewed on the Hue page.

Cause Analysis

After Ranger authentication is enabled for Hive, the default Hive policies contain two public group policies about databases. All users belong to the public group. By default, the public group is granted the permission to create tables in the default database and create other databases. Therefore, all users have the show databases and show tables permissions by default. If some users do not need to have these two permissions, you can delete the default public group policies on the Ranger web UI and grant the required user permissions.

Procedure

  1. Log in to the Ranger web UI.
  2. In the Service Manager area, click the Hive component name to access the Hive security access policy page.
  3. Click in the rows containing the all - database and default database tables columns policies.
  4. Delete the public group policies.

    Figure 1 all - database policy
    Figure 2 default database tables columns policy

  5. On the Hive security access policy page, click Add New Policy to add resource access policies for related users or user groups. For details, see Configuring Component Permission Policies.