Have you checked using views in Hive to restrict user access to certain tables and columns only.
Have a look at this link <http://blog.cloudera.com/blog/2015/09/recordservice-for-fine-grained-security-enforcement-across-the-hadoop-ecosystem/> HTH Dr Mich Talebzadeh LinkedIn * https://www.linkedin.com/profile/view?id=AAEAAAAWh2gBxianrbJd6zP6AcPCCdOABUrV8Pw <https://www.linkedin.com/profile/view?id=AAEAAAAWh2gBxianrbJd6zP6AcPCCdOABUrV8Pw>* http://talebzadehmich.wordpress.com *Disclaimer:* Use it at your own risk. Any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on this email's technical content is explicitly disclaimed. The author will in no case be liable for any monetary damages arising from such loss, damage or destruction. On 30 August 2016 at 16:26, Deepak Sharma <deepakmc...@gmail.com> wrote: > Is it possible to execute any query using SQLContext even if the DB is > secured using roles or tools such as Sentry? > > Thanks > Deepak > > On Tue, Aug 30, 2016 at 7:52 PM, Rajani, Arpan <arpan.raj...@worldpay.com> > wrote: > >> Hi All, >> >> In our YARN cluster, we have setup spark 1.6.1 , we plan to give access >> to all the end users/developers/BI users, etc. But we learnt any valid user >> after getting their own user kerb TGT, can get hold of sqlContext (in >> program or in shell) and can run any query against any secure databases. >> >> This puts us in a critical condition as we do not want to give blanket >> permission to everyone. >> >> >> >> We are looking forward to: >> >> 1) A *solution or a work around, by which we can give secure access >> only to the selected users to sensitive tables/database.* >> >> 2) *Failing to do so, we would like to remove/disable the SparkSQL >> context/feature for everyone. * >> >> >> >> Any pointers in this direction will be very valuable. >> >> Thank you, >> >> Arpan >> >> >> This e-mail and any attachments are confidential, intended only for the >> addressee and may be privileged. If you have received this e-mail in error, >> please notify the sender immediately and delete it. Any content that does >> not relate to the business of Worldpay is personal to the sender and not >> authorised or endorsed by Worldpay. Worldpay does not accept responsibility >> for viruses or any loss or damage arising from transmission or access. >> >> Worldpay (UK) Limited (Company No: 07316500/ Financial Conduct Authority No: >> 530923), Worldpay Limited (Company No:03424752 / Financial Conduct Authority >> No: 504504), Worldpay AP Limited (Company No: 05593466 / Financial Conduct >> Authority No: 502597). Registered Office: The Walbrook Building, 25 >> Walbrook, London EC4N 8AF and authorised by the Financial Conduct Authority >> under the Payment Service Regulations 2009 for the provision of payment >> services. Worldpay (UK) Limited is authorised and regulated by the Financial >> Conduct Authority for consumer credit activities. Worldpay B.V. (WPBV) has >> its registered office in Amsterdam, the Netherlands (Handelsregister KvK no. >> 60494344). WPBV holds a licence from and is included in the register kept by >> De Nederlandsche Bank, which registration can be consulted through >> www.dnb.nl. Worldpay, the logo and any associated brand names are trade >> marks of the Worldpay group. >> >> >> >> > > > -- > Thanks > Deepak > www.bigdatabig.com > www.keosha.net >
