[jira] [Commented] (RANGER-2943) After enabling Ranger for Hive, the rules in hive-metastore are not enforced anymore

Fri, 21 Aug 2020 10:02:04 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17182009#comment-17182009
 ] 

Jie Zhang commented on RANGER-2943:
-----------------------------------

[~rmani]

*Before enabling Ranger on Hive*: hive.security.authorization.manager = 
org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.*SQLStdHiveAuthorizerFactory*

*After enabling Ranger on Hive*: hive.security.authorization.manager = 
org.apache.ranger.authorization.hive.authorizer.*RangerHiveAuthorizerFactory*

After enabling Ranger on Hive, the rules with SQLStdHiveAuthorizerFactory are 
not enforced anymore. Is this by design? *How can we enforce both 
SQLStdHiveAuthorizerFactory and RangerHiveAuthorizerFactory?* Thanks for your 
help. 

> After enabling Ranger for Hive, the rules in hive-metastore are not enforced 
> anymore
> ------------------------------------------------------------------------------------
>
>                 Key: RANGER-2943
>                 URL: https://issues.apache.org/jira/browse/RANGER-2943
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.1.0
>            Reporter: Jie Zhang
>            Priority: Major
>
> h2. Before enabling Ranger on Hive: hive.security.authorization.manager = 
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
> user jiezhang does not have access to table default.dim_customer_pii, so I 
> got access denied when I ran this query, this is expected.
> {code:java}
> select * from default.dim_customer_pii limit 5;
> {code}
> h2. After enabling Ranger on Hive: hive.security.authorization.manager = 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
> When I ran the query above, I got the actual results, this is NOT expected. 
> h2. In summary:
> After enabling Ranger on Hive, the rules with SQLStdHiveAuthorizerFactory are 
> not enforced anymore. Is this by design? How can we enforce both 
> SQLStdHiveAuthorizerFactory and RangerHiveAuthorizerFactory? Thanks for your 
> help. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to