Well, that's what I thought, but the command hdfs groups returns a group that I use for a policy giving access to a database, and as I get the message "HiveAccessControlException Permission denied" when accessing this database, I think Hive cannot assert the groups the user belongs to.
I'm using Hive 0.14.0.2.2. As the problem might come from this, I think it's important to mention that the users are synchronized from an LDAP via SSSD.
If the user groups couldn't be asserted, would I see a log indicating that the user cannot be impersonated (like Knox prompts)?

Thanks,
Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-07-23 20:09 GMT+02:00 Don Bosco Durai <[email protected]>:

> Hive uses the same core-site.xml settings as HDFS. So if the group mapping
> works in HDFS, then it should work in Hive also.
>
> And if the user and groups are in linux/unix, then it should have been
> supported out of the box.
>
> What version of Hive are you using? (It shouldn’t matter)
>
> Thanks
>
> Bosco
>
>
> From: Loïc Chanel <[email protected]>
> Reply-To: "[email protected]" <[email protected]>
> Date: Thursday, July 23, 2015 at 3:10 AM
> To: "[email protected]" <[email protected]>
> Subject: Hive server identity assertion
>
> Hi all,
>
> As I am now exploring how Ranger works with Hive, I made some policies,
> but it seems that group policies are not enforced.
> Therefore, I was wondering how the Ranger plugin running on Hive was
> asserting the user's identity.
>
> I am even more surprised by the fact that I do not have any problem with
> the Ranger plugin working on HDFS, which is running on the exact same node.
>
> In parallel, I know that the Knox plugin, for example, runs in a totally
> different way, but as it seems that, as does HBase, Hive does not provide
> any user mapping function, I thought the identity would be asserted on
> the node Hive Server is running on, as if the user was a Unix one.
>
> Does someone have an idea about how the user groups can be found by the
> Hive Ranger plugin?
> Thanks in advance,
>
>
> Loïc
>
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
