Given Record Service is yet to be added to main distributions, I believe the only available solution now is to use hdfs acl to restrict access for spark. On 31 Aug 2016 03:07, "Mich Talebzadeh" <mich.talebza...@gmail.com> wrote:
> Have you checked using views in Hive to restrict user access to certain > tables and columns only. > > Have a look at this link > <http://blog.cloudera.com/blog/2015/09/recordservice-for-fine-grained-security-enforcement-across-the-hadoop-ecosystem/> > > HTH > > Dr Mich Talebzadeh > > > > LinkedIn * > https://www.linkedin.com/profile/view?id=AAEAAAAWh2gBxianrbJd6zP6AcPCCdOABUrV8Pw > <https://www.linkedin.com/profile/view?id=AAEAAAAWh2gBxianrbJd6zP6AcPCCdOABUrV8Pw>* > > > > http://talebzadehmich.wordpress.com > > > *Disclaimer:* Use it at your own risk. Any and all responsibility for any > loss, damage or destruction of data or any other property which may arise > from relying on this email's technical content is explicitly disclaimed. > The author will in no case be liable for any monetary damages arising from > such loss, damage or destruction. > > > > On 30 August 2016 at 16:26, Deepak Sharma <deepakmc...@gmail.com> wrote: > >> Is it possible to execute any query using SQLContext even if the DB is >> secured using roles or tools such as Sentry? >> >> Thanks >> Deepak >> >> On Tue, Aug 30, 2016 at 7:52 PM, Rajani, Arpan <arpan.raj...@worldpay.com >> > wrote: >> >>> Hi All, >>> >>> In our YARN cluster, we have setup spark 1.6.1 , we plan to give access >>> to all the end users/developers/BI users, etc. But we learnt any valid user >>> after getting their own user kerb TGT, can get hold of sqlContext (in >>> program or in shell) and can run any query against any secure databases. >>> >>> This puts us in a critical condition as we do not want to give blanket >>> permission to everyone. >>> >>> >>> >>> We are looking forward to: >>> >>> 1) A *solution or a work around, by which we can give secure >>> access only to the selected users to sensitive tables/database.* >>> >>> 2) *Failing to do so, we would like to remove/disable the SparkSQL >>> context/feature for everyone. * >>> >>> >>> >>> Any pointers in this direction will be very valuable. >>> >>> Thank you, >>> >>> Arpan >>> >>> >>> This e-mail and any attachments are confidential, intended only for the >>> addressee and may be privileged. If you have received this e-mail in error, >>> please notify the sender immediately and delete it. Any content that does >>> not relate to the business of Worldpay is personal to the sender and not >>> authorised or endorsed by Worldpay. Worldpay does not accept responsibility >>> for viruses or any loss or damage arising from transmission or access. >>> >>> Worldpay (UK) Limited (Company No: 07316500/ Financial Conduct Authority >>> No: 530923), Worldpay Limited (Company No:03424752 / Financial Conduct >>> Authority No: 504504), Worldpay AP Limited (Company No: 05593466 / >>> Financial Conduct Authority No: 502597). Registered Office: The Walbrook >>> Building, 25 Walbrook, London EC4N 8AF and authorised by the Financial >>> Conduct Authority under the Payment Service Regulations 2009 for the >>> provision of payment services. Worldpay (UK) Limited is authorised and >>> regulated by the Financial Conduct Authority for consumer credit >>> activities. Worldpay B.V. (WPBV) has its registered office in Amsterdam, >>> the Netherlands (Handelsregister KvK no. 60494344). WPBV holds a licence >>> from and is included in the register kept by De Nederlandsche Bank, which >>> registration can be consulted through www.dnb.nl. Worldpay, the logo and >>> any associated brand names are trade marks of the Worldpay group. >>> >>> >>> >>> >> >> >> -- >> Thanks >> Deepak >> www.bigdatabig.com >> www.keosha.net >> > >
