Antwort: Re: denied use to hive database

Mon, 23 Mar 2020 22:27:46 -0700 

Hi Abhay,

thank you I found a missmatch in Hive which still red the old ldap group
mapping- I killed the processes manually and restarted now it works.


THANK YOU


Markus


Fiducia & GAD IT AG | www.fiduciagad.de
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. |
USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Birgit Frohnhoff, Jörg Staff
Vorsitzender des Aufsichtsrats: Jürgen Brinkmann





Von:    Abhay Kulkarni <ab...@apache.org>
An:     user@ranger.apache.org
Datum:  23.03.2020 19:48
Betreff:        Re: denied use to hive database



Hi Markus,

At the time of access evaluation, Ranger plugin does not figure out group
membership of accessing user by itself; it depends on Hive to provide the
groups of the accessing user. Could you please check if group membership is
correctly resolved by Hive before Ranger is called to authorize access?

Thanks!
Abhay

On Mon, Mar 23, 2020 at 4:49 AM <markus.gier...@fiduciagad.de> wrote:


      Hi!

      I have the problem that a user can't connect to a hive database
      because of a missing USE permission. The user is a member of a group
      in an organisation unit X. The cluster itself is in the ou Cluster_X
      and in Cluster_X I have a group where the group of organisation unit
      X is a member of.

      Nested groups are activated in Ranger and a see the User as a member
      of the Cluster_X group. Cluster_group has select and read permissions
      on hive defined in a policy. On hdfs level the data can be seen.


      But wenn the user connect via hive shell and tries to use a database
      I get

      Error: Error while compiling statement: FAILED:
      HiveAccessControlException Permission denied: user [testuser] does
      not have [USE] privilege on [refined] (state=42000,code=40000)


      So how can I set the USE privilege ? There must be a difference
      betwenn adding the user to Cluster_X group instead of using nested
      groups.


      The Software Stack is HDP 3.1

      (Siehe angehängte Datei: denied.jpg)

      Best Regards and stay healthy.

      Markus







      Fiducia & GAD IT AG | www.fiduciagad.de
      AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a.
      M. | USt-IdNr. DE 143582320
      Vorstand: Martin Beyer (Vorstandssprecher), Birgit Frohnhoff, Jörg
      Staff
      Vorsitzender des Aufsichtsrats: Jürgen Brinkmann

Reply via email to