Help Center > > User Guide> MRS Cluster Component Operation Guide> Using Ranger> Configuring Hive Access Permissions in Ranger

Configuring Hive Access Permissions in Ranger

Updated at: Apr 28, 2020 GMT+08:00

After an MRS cluster with Ranger installed is created, Hive access control is not integrated into Ranger. This section describes how to integrate Hive into Ranger.

  1. Log in to the Ranger web UI.
  2. In the Service Manager area, click next to HIVE to add a Hive service.

    Figure 1 Adding a Hive service

  3. Set the parameters for adding a Hive service according to Table 1. Use the default values for the parameters that are not listed in the table.

    Table 1 Parameter description

    Parameter

    Description

    Example Value

    Service Name

    Name of the service to be created. The value is fixed to hivedev.

    hivedev

    Username

    You can set this parameter to any value.

    admin

    Password

    You can set this parameter to any value.

    -

    jdbc.driverClassName

    Driver class for connecting to Hive. The value is fixed to org.apache.hive.jdbc.HiveDriver.

    org.apache.hive.jdbc.HiveDriver

    jdbc.url

    URL for connecting to Hive. The format is ZooKeeper mode:

    jdbc:hive2://<host>:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2

    <host> indicates a ZooKeeper address. To obtain the ZooKeeper address, log in to MRS Manager, choose Services > ZooKeeper > Instance, and view the management IP address of the ZooKeeper instance.

    jdbc:hive2://xx.xx.xx.xx:2181,xx.xx.xx.xx:2181,xx.xx.xx.xx:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2

    Figure 2 Create Service

  4. Click Add to add the service.
  5. Start the Ranger Hive plugin to authorize Ranger to manage Hive.

    1. On the MRS management console, click the cluster name to go to the cluster details page.
    2. Click the Components tab.
    3. Choose Hive > Service Configuration, and set Type to All.
    4. Search for hive.security.authorization and modify the following configurations:
      • hive.security.authorization.enabled = true
      • hive.security.authorization.manager = org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
      Figure 3 Modifying hive.security.authorization
    5. Click Save Configuration and select Restart the affected services or instances to restart the Hive service.

  6. Add an access control policy.

    1. Log in to the Ranger web UI.
    2. In the HIVE area, click the added service hivedev.
    3. Click Add New Policy to add an access control policy.
    4. Set the parameters according to Table 2. Use the default values for the parameters that are not listed in the table.
      Table 2 Parameter description

      Parameter

      Description

      Example Value

      Policy Name

      Policy name

      Policy001

      database

      Name of the database that the policy allows to access

      test

      table

      Name of the table corresponding to the database that the policy allows to access

      table1

      Hive Column

      Column name of the table corresponding to the database that the policy allows to access

      name

      Allow Conditions

      • Select Group: user group that the policy allows to access
      • Select User: user in the user group that the policy allows to access
      • Permissions: permissions that the policy allows the user to use
      • Select Group: testuser
      • Select User: testuser
      • Permissions: Create and select
      Figure 4 Adding an access control policy
    5. Click Add to add the policy. According to the preceding policy, user testuser in the testuser user group has the Create and select permissions on the name column of table1 in the test database of Hive, but no permission to access other columns.

  7. Log in to the Hive client by referring to Using Hive from Scratch, and check whether Hive has been integrated into Ranger.

    1. Run the following command to access the Hive beeline:

      source /opt/client/bigdata_env

      beeline

    2. Run the following command to set up a connection and log in as user testuser:
      !connect jdbc:hive2://xx.xx.xx.xx:2181,xx.xx.3.81:2181,192.168.3.153:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2
      Figure 5 Logging in to Hive
    3. Query data and check whether Ranger is integrated.
      Figure 6 Verifying Ranger integration

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel