Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00


<a name="mrs_01_0765"></a><a name="mrs_01_0765"></a>
<h1 class="topictitle1">Configuring Hive/Impala Access Permissions in Ranger</h1>
<div id="body1589421650678"><p id="mrs_01_0765__p8060118">After an MRS cluster with Ranger installed is created, Hive and Impala access control is not integrated into Ranger. This section describes how to integrate Hive into Ranger. Impala follows the same procedure.</p>
<ol id="mrs_01_0765__ol86391727123611"><li id="mrs_01_0765__li1476394183516"><span>Log in to the Ranger web UI.</span></li><li id="mrs_01_0765__li116391227123617"><span>In the <strong id="mrs_01_0765__b1498812118106">Service Manager</strong> area, click <span><img id="mrs_01_0765__image15993191112104" src="en-us_image_0000001296090600.png"></span> next to <strong id="mrs_01_0765__b299317116105">HIVE</strong> to add a Hive service.</span><p><div class="fignone" id="mrs_01_0765__fig091882852810"><span class="figcap"><b>Figure 1 </b>Adding a Hive service</span><br><span><img id="mrs_01_0765__image035810254285" src="en-us_image_0000001388415558.png"></span></div>
</p></li><li id="mrs_01_0765__li340533214416"><span>Set the parameters for adding a Hive service according to <a href="#mrs_01_0765__table54444329411">Table 1</a>. Use the default values for the parameters that are not listed in the table.</span><p>
<div class="tablenoborder"><a name="mrs_01_0765__table54444329411"></a><a name="table54444329411"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_0765__table54444329411" frame="border" border="1" rules="all"><caption><b>Table 1 </b><strong id="mrs_01_0765__b126014571101">Parameter description</strong></caption><thead align="left"><tr id="mrs_01_0765__row1844243264112"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.3.2.1.2.4.1.1"><p id="mrs_01_0765__p12442193220418">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.3.2.1.2.4.1.2"><p id="mrs_01_0765__p1744210322416">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.3.2.1.2.4.1.3"><p id="mrs_01_0765__p84421328419">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_0765__row644393284112"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0765__p18442232184110">Service Name</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0765__p8442203254115">Name of the service to be created. The value is fixed to <strong id="mrs_01_0765__b675510131112">hivedev</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0765__p14442133211411">hivedev</p>
</td>
</tr>
<tr id="mrs_01_0765__row34433328419"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0765__p6443153216418">Username</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0765__p12443832114118">You can set this parameter to any value.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0765__p0443532194110">admin</p>
</td>
</tr>
<tr id="mrs_01_0765__row74431532164110"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0765__p544313323411">Password</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0765__p7443133224114">You can set this parameter to any value.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0765__p044333212412">-</p>
</td>
</tr>
<tr id="mrs_01_0765__row144353274113"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0765__p94431332194118">jdbc.driverClassName</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0765__p14431132144114">Driver class for connecting to Hive. The value is fixed to <strong id="mrs_01_0765__b78899236115">org.apache.hive.jdbc.HiveDriver</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0765__p5443153210414">org.apache.hive.jdbc.HiveDriver</p>
</td>
</tr>
<tr id="mrs_01_0765__row104441332194110"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0765__p13443123216418">jdbc.url</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0765__p15443132174118">URL for connecting to Hive in ZooKeeper service discovery mode. The format is as follows:</p>
<p id="mrs_01_0765__p11444132204117">jdbc:hive2://&lt;host&gt;:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2</p>
<p id="mrs_01_0765__p717612451575"><strong id="mrs_01_0765__b7538171717142">&lt;host&gt;</strong> indicates a ZooKeeper address. To obtain the ZooKeeper address, log in to MRS Manager, choose <strong id="mrs_01_0765__b754320173147">Services</strong> &gt; <strong id="mrs_01_0765__b19543161741413">ZooKeeper</strong> &gt; <strong id="mrs_01_0765__b16543131719144">Instance</strong>, and view the management IP address of the ZooKeeper instance.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0765__p12444163244112">jdbc:hive2://xx.xx.xx.xx:2181,xx.xx.xx.xx:2181,xx.xx.xx.xx:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="fignone" id="mrs_01_0765__fig39091316015"><span class="figcap"><b>Figure 2 </b>Creating hivedev</span><br><span><img id="mrs_01_0765__image17739125716596" src="en-us_image_0000001349170337.png"></span></div>
</p></li><li id="mrs_01_0765__li189043534201"><span>Click <strong id="mrs_01_0765__b1897812245154">Add</strong> to add the service.</span></li><li id="mrs_01_0765__li3576367439"><span>Start the Ranger Hive plugin to authorize Ranger to manage Hive.</span><p><ol type="a" id="mrs_01_0765__ol2033912334020"><li id="mrs_01_0765__li17892205313916">On the MRS management console, click the cluster name to go to the cluster details page.</li><li id="mrs_01_0765__li179012282616">Click the <strong id="mrs_01_0765__b2063015481151">Components</strong> tab.</li><li id="mrs_01_0765__li194741166217">Choose <strong id="mrs_01_0765__b20845165131614">Hive</strong> &gt; <strong id="mrs_01_0765__b19850154165">Service Configuration</strong> and switch <strong id="mrs_01_0765__b118500520161">Basic</strong> to <strong id="mrs_01_0765__b98501517163">All</strong>.</li><li id="mrs_01_0765__li2339133315018">Search for <strong id="mrs_01_0765__b939193320168">hive.security.authorization</strong> and modify the following configurations:<ul id="mrs_01_0765__ul769417179317"><li id="mrs_01_0765__li56947171339">hive.security.authorization.enabled = true</li><li id="mrs_01_0765__li1689511618310">hive.security.authorization.manager = org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory</li></ul>
</li><li id="mrs_01_0765__li1538145391">Click <strong id="mrs_01_0765__b1677982411916">Save Configuration</strong> and select <strong id="mrs_01_0765__b47841424131910">Restart the affected services or instances</strong> to restart the Hive service.</li></ol>
</p></li><li id="mrs_01_0765__li73811045113616"><span>Add an access control policy.</span><p><ol type="a" id="mrs_01_0765__ol623195511810"><li id="mrs_01_0765__li286414508814">Log in to the Ranger web UI.</li><li id="mrs_01_0765__li651141125712">In the <strong id="mrs_01_0765__b1721355151916">HIVE</strong> area, click the added service <strong id="mrs_01_0765__b77155510195">hivedev</strong>.</li><li id="mrs_01_0765__li77752095618">Click <strong id="mrs_01_0765__b1124312182014">Add New Policy</strong> to add an access control policy.</li><li id="mrs_01_0765__li483812535575">Set the parameters according to <a href="#mrs_01_0765__table116322231534">Table 2</a>. Use the default values for the parameters that are not listed in the table.
<div class="tablenoborder"><a name="mrs_01_0765__table116322231534"></a><a name="table116322231534"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_0765__table116322231534" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameter description</caption><thead align="left"><tr id="mrs_01_0765__row11633152314316"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.6.2.1.4.2.2.4.1.1"><p id="mrs_01_0765__p1260833016420">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.6.2.1.4.2.2.4.1.2"><p id="mrs_01_0765__p156082301046">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.6.2.1.4.2.2.4.1.3"><p id="mrs_01_0765__p1060811302417">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_0765__row1163310231234"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0765__p1865510429816">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><p id="mrs_01_0765__p19547132615414">Policy name</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><p id="mrs_01_0765__p46331231316">Policy001</p>
</td>
</tr>
<tr id="mrs_01_0765__row9633142318314"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0765__p11633172313315">database</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><p id="mrs_01_0765__p45473261944">Name of the database that the policy grants access to</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><p id="mrs_01_0765__p2063314239314">test</p>
</td>
</tr>
<tr id="mrs_01_0765__row863372320317"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0765__p16335231835">table</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><p id="mrs_01_0765__p054718261244">Name of the table, in the specified database, that the policy grants access to</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><p id="mrs_01_0765__p176331023136">table1</p>
</td>
</tr>
<tr id="mrs_01_0765__row1663420237318"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0765__p663414239318">Hive Column</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><p id="mrs_01_0765__p1754752616416">Name of the column, in the specified table, that the policy grants access to</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><p id="mrs_01_0765__p1063412318311">name</p>
</td>
</tr>
<tr id="mrs_01_0765__row463413231318"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0765__p1263412231934">Allow Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><ul id="mrs_01_0765__ul291972075620"><li id="mrs_01_0765__li1191916209565"><strong id="mrs_01_0765__b47732567248">Select Group</strong>: user group that the policy grants access to</li><li id="mrs_01_0765__li956702325612"><strong id="mrs_01_0765__b18435182510">Select User</strong>: user in the user group that the policy grants access to</li><li id="mrs_01_0765__li5554348566"><strong id="mrs_01_0765__b59261834259">Permissions</strong>: permissions that the policy grants to the user</li></ul>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><ul id="mrs_01_0765__ul11428874228"><li id="mrs_01_0765__li8428157182218">Select Group: <strong id="mrs_01_0765__b650915619257">testuser</strong></li><li id="mrs_01_0765__li14285711228">Select User: <strong id="mrs_01_0765__b3434793251">testuser</strong></li><li id="mrs_01_0765__li174281572225">Permissions: <strong id="mrs_01_0765__b136133106254">Create</strong> and <strong id="mrs_01_0765__b1361391032514">Select</strong></li></ul>
</td>
</tr>
</tbody>
</table>
</div>
<div class="fignone" id="mrs_01_0765__fig2047532791212"><span class="figcap"><b>Figure 3 </b>Adding an access control policy for <strong id="mrs_01_0765__b1636201782519">hivedev</strong></span><br><span><img id="mrs_01_0765__image5214102414476" src="en-us_image_0000001348770629.png"></span></div>
</li><li id="mrs_01_0765__li85730455122">Click <strong id="mrs_01_0765__b05041835112515">Add</strong> to add the policy. According to the preceding policy, user <strong id="mrs_01_0765__b17504103515259">testuser</strong> in the <strong id="mrs_01_0765__b5504735182517">testuser</strong> user group has the <strong id="mrs_01_0765__b1450411355252">Create</strong> and <strong id="mrs_01_0765__b4505535172511">Select</strong> permissions on the <strong id="mrs_01_0765__b4505103514252">name</strong> column of <strong id="mrs_01_0765__b13505163532520">table1</strong> in the <strong id="mrs_01_0765__b19505835192510">test</strong> database of Hive, but no permissions to access other columns.</li></ol>
</p></li><li id="mrs_01_0765__li12732859163619"><span>Log in to the Hive client by referring to <a href="mrs_01_0442.html">Using Hive from Scratch</a>, and check whether Hive has been integrated into Ranger.</span><p><ol type="a" id="mrs_01_0765__ol63481623172519"><li id="mrs_01_0765__li1813416133279">Run the following commands to start the Hive Beeline client:<p id="mrs_01_0765__p229910510296"><a name="mrs_01_0765__li1813416133279"></a><a name="li1813416133279"></a><strong id="mrs_01_0765__b213218188592">source /opt/client/bigdata_env</strong></p>
<p id="mrs_01_0765__p1666784523316"><b><span class="cmdname" id="mrs_01_0765__cmdname17863112621510">beeline</span></b></p>
</li><li id="mrs_01_0765__li137951518182513">Run the following command to set up a connection and log in as user <strong id="mrs_01_0765__b74101344152610">testuser</strong>:<p id="mrs_01_0765__p19337117163410"><strong id="mrs_01_0765__b12820349598">!connect jdbc:hive2://xx.xx.xx.xx:2181,xx.xx.3.81:2181,192.168.3.153:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2</strong></p>
<div class="fignone" id="mrs_01_0765__fig149885421551"><span class="figcap"><b>Figure 4 </b>Logging in to Hive</span><br><span><img id="mrs_01_0765__image898924211517" src="en-us_image_0000001438393405.png"></span></div>
</li><li id="mrs_01_0765__li114993407521">Query data and check whether Ranger is integrated.<div class="fignone" id="mrs_01_0765__fig19585153615368"><span class="figcap"><b>Figure 5 </b>Verifying the integration of Ranger with Hive</span><br><span><img id="mrs_01_0765__image4506184065217" src="en-us_image_0000001349289921.png"></span></div>
</li></ol>
</p></li></ol>
</div>
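<p>The following added example is not part of the MRS guide or of Ranger's own code. It expresses the Table 2 policy in the JSON layout of Ranger's policy model and applies a simplified deny-by-default check, showing why the <strong>name</strong> column is accessible to <strong>testuser</strong> while other columns are not. The helpers <strong>is_allowed</strong> and <strong>audit</strong> are hypothetical names, and the <strong>fnmatch</strong> wildcard matching is an assumed simplification of Ranger's resource matching.</p>

```python
import fnmatch

# Table 2 expressed in the JSON layout of Ranger's policy model
# (constructed here from the table's example values).
POLICY = {
    "service": "hivedev",
    "name": "Policy001",
    "isEnabled": True,
    "resources": {
        "database": {"values": ["test"]},
        "table": {"values": ["table1"]},
        "column": {"values": ["name"]},
    },
    "policyItems": [{
        "groups": ["testuser"],
        "users": ["testuser"],
        "accesses": [{"type": "create", "isAllowed": True},
                     {"type": "select", "isAllowed": True}],
    }],
}


def is_allowed(policy, user, groups, access, **resource):
    """Simplified check (hypothetical helper): deny unless every resource
    level matches and one policy item grants the access type."""
    if not policy.get("isEnabled", True):
        return False
    for level, spec in policy["resources"].items():
        value = resource.get(level, "")
        if not any(fnmatch.fnmatchcase(value, pat) for pat in spec["values"]):
            return False  # resource outside the policy, so default deny applies
    for item in policy["policyItems"]:
        who = user in item.get("users", []) or set(groups) & set(item.get("groups", []))
        granted = {a["type"] for a in item["accesses"] if a.get("isAllowed")}
        if who and access in granted:
            return True
    return False


def audit(policy):
    """Flag grants broader than a column-scoped policy should carry."""
    findings = []
    for level, spec in policy["resources"].items():
        if any("*" in v for v in spec["values"]):
            findings.append(f"wildcard in {level}")
    for item in policy["policyItems"]:
        if "public" in item.get("groups", []):
            findings.append("granted to group public (all users)")
        if item.get("delegateAdmin"):
            findings.append("delegateAdmin enabled")
    return findings
```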
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0761.html">Using Ranger (MRS 1.9.2)</a></div>
</div>
</div>