Hi,

I think it is common to have Ranger policies for Hive and HDFS on the same cluster at the same time, but creating HDFS policies from Hive policies is not an easy task, and I doubt it has ever been implemented by anyone. In the common scenario, Hive's files are owned by the 'hive' user on HDFS, so no further restriction is needed; it works with the POSIX File ACL, and you can create Ranger policies for the rest of your files on HDFS.

Regards,
Zsombor

On Mon, Mar 18, 2019 at 2:57 PM Odon Copon <odonco...@gmail.com> wrote:

> Hi,
> Considering the situation where there's Apache Hive and a Hadoop cluster,
> would it be a good idea to have Apache Ranger running on both systems (Ranger
> at Hive level and Ranger at HDFS level)?
> I know that it would be possible to bypass Ranger at Hive level by connecting
> directly to the Hive metastore instead of the HiveServer2, so I am wondering if
> protecting HDFS as well would be a good idea.
>
> Is this a normal scenario, and do people have several Rangers at different
> levels?
>
> Thanks.
>