[
https://issues.apache.org/jira/browse/RANGER-2128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16544855#comment-16544855
]
Kent Yao commented on RANGER-2128:
----------------------------------
My env is a fully kerberized cluster, and I ran thrift server with
spark2.3.1(built-in hive) on yarn against Apache Hadoop2.7.3/Hive Metastore
Server2.1/ranger0.5.3-rc3
With the below secure options
{code:java}
hive.security.authorization.manager=org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
hive.security.metastore.authenticator.manager=org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator
hive.security.metastore.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider
hive.server2.authentication=KERBEROS
hive.server2.enable.doAs=false
{code}
Only works for single user who start the server, fails to switch user
The exception is related to the thrift server do "use:database" action during
opening session, which will call sparksession.sql("use default"), AFAIK once it
is executed the Isolated Hive classloader will be turned off
> Implement SparkSQL plugin
> -------------------------
>
> Key: RANGER-2128
> URL: https://issues.apache.org/jira/browse/RANGER-2128
> Project: Ranger
> Issue Type: New Feature
> Components: plugins, Ranger
> Affects Versions: 1.1.0
> Reporter: t oo
> Assignee: Kent Yao
> Priority: Major
> Fix For: 2.0.0
>
> Attachments: support_ranger11.tgz
>
>
> Implement SparkSQL plugin
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
