Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
<a name="mrs_01_1858"></a><a name="mrs_01_1858"></a>
<h1 class="topictitle1">Adding a Ranger Access Permission Policy for Hive</h1>
<div id="body1595917967324"><div class="section" id="mrs_01_1858__section1861148182711"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1858__p757895715271">The <span id="mrs_01_1858__ph1389213457234">Ranger</span><span id="mrs_01_1858__ph733184682310"> </span>administrator can use Ranger to set permissions for Hive users. The default administrator account of Hive is <strong id="mrs_01_1858__b1473412917526">hive</strong> and the initial password is <strong id="mrs_01_1858__b193238597392">Hive@123</strong>.</p>
</div>
<div class="section" id="mrs_01_1858__section11493172153315"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_1858__ul5357197143515"><li id="mrs_01_1858__li735717193519">The Ranger service has been installed and is running properly.</li><li id="mrs_01_1858__li19563173342811">You have created users, user groups, or roles for which you want to configure permissions.</li><li id="mrs_01_1858__li1176125495014">The users must be added to the <strong id="mrs_01_1858__b141781317195415">hive</strong> group.</li></ul>
</div>
<div class="section" id="mrs_01_1858__section747294016257"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1858__ol1065893219380"><li id="mrs_01_1858__li1082644513284"><span>Log in to the Ranger management page.</span></li><li id="mrs_01_1858__li18658932173820"><span>On the home page, click the component plug-in name in the <strong id="mrs_01_1858__b10523051153019">HADOOP SQL</strong> area, for example, <strong id="mrs_01_1858__b15524135193014">Hive</strong>.</span></li><li id="mrs_01_1858__li1955384410387"><span>On the <strong id="mrs_01_1858__b0322124105414">Access</strong> tab page, click <strong id="mrs_01_1858__b183238248544">Add New Policy</strong> to add a Hive permission control policy.</span></li><li id="mrs_01_1858__li139634483403"><span>Configure the parameters listed in the table below based on the service demands.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1858__table4469841184115" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Hive permission parameters</caption><thead align="left"><tr id="mrs_01_1858__row2469841104115"><th align="left" class="cellrowborder" valign="top" width="12.989999999999998%" id="mcps1.3.3.2.4.2.1.2.3.1.1"><p id="mrs_01_1858__p846954194111">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="87.01%" id="mcps1.3.3.2.4.2.1.2.3.1.2"><p id="mrs_01_1858__p1346904194117">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1858__row1469174110419"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p1469114120417">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p546954144118">Policy name, which can be customized and must be unique in the service.</p>
</td>
</tr>
<tr id="mrs_01_1858__row13825141412419"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p1482611416247">Policy Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p913014581448">IP address filtering policy, which can be customized. You can enter one or more IP addresses or IP address segments. The IP address can contain the wildcard character (*), for example, <strong id="mrs_01_1858__b19919038121118">192.168.1.10</strong>, <strong id="mrs_01_1858__b169251038181117">192.168.1.20</strong>, or <strong id="mrs_01_1858__b79251838161114">192.168.1.*</strong>.</p>
</td>
</tr>
<tr id="mrs_01_1858__row134112411332"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p196910112228">Policy Label</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p5695112225">A label specified for the current policy. You can search for reports and filter policies based on labels.</p>
</td>
</tr>
<tr id="mrs_01_1858__row104697417417"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p1598819376474">database</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p549418517525">Name of the Hive database to which the policy applies.</p>
<p id="mrs_01_1858__p99402217306">The <span class="parmname" id="mrs_01_1858__parmname1939544510121"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1858__parmname94011453126"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1858__row18439485286"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p1284314483287">table</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p03408216150">Name of the Hive table to which the policy applies.</p>
<p id="mrs_01_1858__p1960315455365">To add a UDF-based policy, switch to UDF and enter the UDF name.</p>
<p id="mrs_01_1858__p18260108154018">The <span class="parmname" id="mrs_01_1858__parmname170944917121"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1858__parmname2710144921214"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1858__row17244213311"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p18724221203110">Hive Column</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p1096572173711">Name of the column to which the policy applies. The value <strong id="mrs_01_1858__b7169195217583">*</strong> indicates all columns.</p>
<p id="mrs_01_1858__p86191312104017">The <span class="parmname" id="mrs_01_1858__parmname736475412129"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1858__parmname1136417547120"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1858__row193961147123813"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p15697173210192">Description</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p1869773261914">Policy description.</p>
</td>
</tr>
<tr id="mrs_01_1858__row12469141164113"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p898812379471">Audit Logging</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p18988437174719">Whether to audit the policy.</p>
</td>
</tr>
<tr id="mrs_01_1858__row29973720471"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p11995376471">Allow Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p18991137164717">Policy allowed condition. You can configure permissions and exceptions allowed by the policy.</p>
<p id="mrs_01_1858__p1819113143111">In the <strong id="mrs_01_1858__b102611404118">Select Role</strong>, <strong id="mrs_01_1858__b42611408115">Select Group</strong>, and <strong id="mrs_01_1858__b19271340181114">Select User</strong> columns, select the role, user group, or user to which the permission is to be granted, click <strong id="mrs_01_1858__b192764018113">Add Conditions</strong>, add the IP address range to which the policy applies, and click <strong id="mrs_01_1858__b8271040161116">Add Permissions</strong> to add the corresponding permission.</p>
<ul id="mrs_01_1858__ul183931610151418"><li id="mrs_01_1858__li2039341013144">select: permission to query data</li><li id="mrs_01_1858__li198521174329">update: permission to update data</li><li id="mrs_01_1858__li1989492010329">Create: permission to create data</li><li id="mrs_01_1858__li97666281328">Drop: permission to drop data</li><li id="mrs_01_1858__li4492203363214">Alter: permission to alter data</li><li id="mrs_01_1858__li1868163813324">Index: permission to index data</li><li id="mrs_01_1858__li1586994283213">All: all permissions</li><li id="mrs_01_1858__li496454815324">Read: permission to read data</li><li id="mrs_01_1858__li137926520324">Write: permission to write data</li><li id="mrs_01_1858__li197901031332">Temporary UDF Admin: temporary UDF management permission</li><li id="mrs_01_1858__li1247541184312">Select/Deselect All: Select or deselect all.</li></ul>
<p id="mrs_01_1858__p1545113122150">To add multiple permission control rules, click <span><img id="mrs_01_1858__image341133521514" src="en-us_image_0000001348770073.png"></span>.</p>
<p id="mrs_01_1858__p8404164411">If users or user groups in the current condition need to manage this policy, select <strong id="mrs_01_1858__b152131847165918">Delegate Admin</strong>. These users become delegated administrators, who can update and delete this policy and create sub-policies based on the original policy.</p>
</td>
</tr>
<tr id="mrs_01_1858__row899937184718"><td class="cellrowborder" valign="top" width="12.989999999999998%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1858__p5991537154719">Deny Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="87.01%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1858__p1799337194719">Policy rejection condition, which is used to configure the permissions and exceptions to be denied in the policy. The configuration method is similar to that of <strong id="mrs_01_1858__b199995465913">Allow Conditions</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1858__t407ce486d4824c69ba125f7c1be82b9b" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Setting permissions</caption><thead align="left"><tr id="mrs_01_1858__r8970570f5e404ff3b4e26f1ec887b626"><th align="left" class="cellrowborder" valign="top" width="29.520000000000003%" id="mcps1.3.3.2.4.2.2.2.3.1.1"><p id="mrs_01_1858__a966f96441ec341ab81e25cd71592239c">Task</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70.48%" id="mcps1.3.3.2.4.2.2.2.3.1.2"><p id="mrs_01_1858__a32ca2f2b7e424d8480ede0da91c11ded">Role Authorization</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1858__r37ebca35241b4cae98114fef8e98c8dc"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__af314c609654c4df69886c974332dfe3d"><strong id="mrs_01_1858__b4899821602">role admin</strong> operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__ol832433933118"><li id="mrs_01_1858__li5552134783210">On the home page, click <strong id="mrs_01_1858__b61517513011">Settings</strong> and choose <strong id="mrs_01_1858__b16151145103">Roles</strong>.</li><li id="mrs_01_1858__li12406174318318">Click the role with <strong id="mrs_01_1858__b49237431472">Role Name</strong> set to <strong id="mrs_01_1858__b261014718012">admin</strong>. In the <strong id="mrs_01_1858__b6610376013">Users</strong> area, click <strong id="mrs_01_1858__b86101071405">Select User</strong> and select a username.</li><li id="mrs_01_1858__li11324133923115">Click <strong id="mrs_01_1858__b14271412406">Add Users</strong>, select <strong id="mrs_01_1858__b8427101216011">Is Role Admin</strong> in the row where the username is located, and click <strong id="mrs_01_1858__b184275121906">Save</strong>.</li></ol>
<div class="note" id="mrs_01_1858__n768c024de71e4be5a7ca11d780550475"><span class="notetitle"> NOTE: </span><div class="notebody"><p class="textintable" id="mrs_01_1858__aeaaa930f124b470ca0f6c4f62ddfea8f">Only user <strong id="mrs_01_1858__b4970114019015">rangeradmin</strong> has permission to access the <strong id="mrs_01_1858__b1539514511209">Settings</strong> option on the Ranger page. After a user is bound to the Hive administrator role, perform the following operations during each maintenance operation:</p>
<ol type="a" id="mrs_01_1858__o22025688792147a69a4b441a2e159ca0"><li id="mrs_01_1858__l3ec30b72298549d2b374d9add384655d">Log in to the node where the Hive client is installed as the client installation user.</li><li id="mrs_01_1858__l53e519f4f75e40b097f9a24dc70486d0">Run the following command to configure environment variables:<p class="litext" id="mrs_01_1858__a7cb143b430624aed9fcb7f62f733aa51"><a name="mrs_01_1858__l53e519f4f75e40b097f9a24dc70486d0"></a><a name="l53e519f4f75e40b097f9a24dc70486d0"></a>For example, if the Hive client installation directory is <strong id="mrs_01_1858__b1197044212015">/opt/hiveclient</strong>, run <strong id="mrs_01_1858__b119702042505">source /opt/hiveclient/bigdata_env</strong>.</p>
</li><li id="mrs_01_1858__l1a40354ae9674d0da669b4fc35cc918e">Run the following command to authenticate the user:<p class="litext" id="mrs_01_1858__a48755538b3d44de38791df7ed368ab85"><a name="mrs_01_1858__l1a40354ae9674d0da669b4fc35cc918e"></a><a name="l1a40354ae9674d0da669b4fc35cc918e"></a><strong id="mrs_01_1858__b16241146905">kinit</strong> <em id="mrs_01_1858__i11624104616013">Hive service user</em></p>
</li><li id="mrs_01_1858__l68bc41f3262f4d78852dae085cb4dd1c">Run the following command to log in to the client tool:<p class="litext" id="mrs_01_1858__a3b73ca536c184361b13af264c16b1c1d"><a name="mrs_01_1858__l68bc41f3262f4d78852dae085cb4dd1c"></a><a name="l68bc41f3262f4d78852dae085cb4dd1c"></a><strong id="mrs_01_1858__aa1e3a7d17715434ea08b2578a5591503">beeline</strong></p>
</li><li id="mrs_01_1858__le84ff71b118b4a48a9f24cbab9188f94">Run the following command to update the administrator permissions:<p id="mrs_01_1858__ac94d0dcac4814326b675097bfa097f1b"><a name="mrs_01_1858__le84ff71b118b4a48a9f24cbab9188f94"></a><a name="le84ff71b118b4a48a9f24cbab9188f94"></a><strong id="mrs_01_1858__a2707464e1e1147df8a1a6525470a5827">set role admin;</strong></p>
</li></ol>
</div></div>
</td>
</tr>
<tr id="mrs_01_1858__r32ef203c8450407ba2e7daaad43e84b3"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__p15432216890">Creating a database table</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__o03ff4239c1dd418a8aac1901b1a42eaf"><li id="mrs_01_1858__ld973a3178b874b2991a34724362edeaa">Enter the policy name in <strong id="mrs_01_1858__b841312391017">Policy Name</strong>.</li><li id="mrs_01_1858__li864518168382">Enter or select the corresponding database on the right side of <strong id="mrs_01_1858__b68651184141">database</strong> and enter or select <strong id="mrs_01_1858__b1640632661415">*</strong> on the right side of <strong id="mrs_01_1858__b143324577169">column</strong>. (To create a table, enter or select the corresponding table on the right side of <strong id="mrs_01_1858__b1467417521510">table</strong>.)</li><li id="mrs_01_1858__l90a887e837424d2e9d0e4edb5bc29030">In the <strong id="mrs_01_1858__b13021969210">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b9302262217">Select User</strong> drop-down list.</li><li id="mrs_01_1858__la261edb792114984b435ac93df993a6c">Click <strong id="mrs_01_1858__b203731798218">Add Permissions</strong> and select <strong id="mrs_01_1858__b16373129827">Create</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__rc691dab3ec894d229b3089f314930b46"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__a63c7fa067a2c482ba8938e1eb2b5329b">Deleting a table</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__oa035ad8e31e345b68862f21f259a443f"><li id="mrs_01_1858__li2315817144220">Enter the policy name in <strong id="mrs_01_1858__b142601213522">Policy Name</strong>.</li><li id="mrs_01_1858__li193151917114210">Enter or select the corresponding database on the right side of <strong id="mrs_01_1858__b11653203151619">database</strong> and enter or select <strong id="mrs_01_1858__b1665393141613">*</strong> on the right side of <strong id="mrs_01_1858__b173164407162">column</strong>. (To delete a table, enter or select the corresponding table on the right side of <strong id="mrs_01_1858__b3653931141619">table</strong>.)</li><li id="mrs_01_1858__li11315151764214">In the <strong id="mrs_01_1858__b83401020122">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b1234512201225">Select User</strong> drop-down list.</li><li id="mrs_01_1858__li113151617154217">Click <strong id="mrs_01_1858__b1978792316216">Add Permissions</strong> and select <strong id="mrs_01_1858__b1478719231025">Drop</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__row1890419397441"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__p189054395449">Query operation (<strong id="mrs_01_1858__b1069105017462">select</strong>, <strong id="mrs_01_1858__b523195310463">desc</strong>, and <strong id="mrs_01_1858__b866665411461">show</strong>)</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__ol11834161219451"><li id="mrs_01_1858__li28340127457">Enter the policy name in <strong id="mrs_01_1858__b199478461410">Policy Name</strong>.</li><li id="mrs_01_1858__li68344125450">Enter or select the corresponding database on the right side of <strong id="mrs_01_1858__b4791113931711">database</strong> and enter or select <strong id="mrs_01_1858__b579812398173">*</strong> (<strong id="mrs_01_1858__b196457138183">*</strong> indicates all columns) on the right side of <strong id="mrs_01_1858__b0800239101715">column</strong>. (To create a table, enter or select the corresponding table on the right side of <strong id="mrs_01_1858__b1980283916174">table</strong>.)</li><li id="mrs_01_1858__li11834121213459">In the <strong id="mrs_01_1858__b1865921813186">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b14667118161814">Select User</strong> drop-down list.</li><li id="mrs_01_1858__li10835161264511">Click <strong id="mrs_01_1858__b62671423101819">Add Permissions</strong> and select <strong id="mrs_01_1858__b102742023171811">select</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__racaeeea562d449f6973523ddc07996a0"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__a8efa8e2e06224b16826141db91790a14"><strong id="mrs_01_1858__b6874194713219">Alter</strong> operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__o1781c8d0839d4117be5170cc4f1f0ec5"><li id="mrs_01_1858__li1353313215430">Enter the policy name in <strong id="mrs_01_1858__b749224816216">Policy Name</strong>.</li><li id="mrs_01_1858__li15339328431">Enter or select the corresponding database on the right side of <strong id="mrs_01_1858__b865123818311">database</strong> and enter or select <strong id="mrs_01_1858__b11656103811314">*</strong> on the right side of <strong id="mrs_01_1858__b16657103818312">column</strong>. (For tables, enter or select the corresponding table on the right side of <strong id="mrs_01_1858__b1965733843120">table</strong>.)</li><li id="mrs_01_1858__li105332032164312">In the <strong id="mrs_01_1858__b210810492033">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b141131049537">Select User</strong> drop-down list.</li><li id="mrs_01_1858__li12533163215437">Click <strong id="mrs_01_1858__b73479501735">Add Permissions</strong> and select <strong id="mrs_01_1858__b73484505319">Alter</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__redd589ffe6e7438aa2462b39d1caae46"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__a8cfcb2ad226748ba963e1a8cedcc5e63"><strong id="mrs_01_1858__b1325511843">LOAD</strong> operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__o3001b283aedf4d219d8470bcae96c133"><li id="mrs_01_1858__li6370130114411">Enter the policy name in <strong id="mrs_01_1858__b1879819541941">Policy Name</strong>.</li><li id="mrs_01_1858__li1837083016449">On the right side of <strong id="mrs_01_1858__b514032720335">database</strong>, enter or select the corresponding database. On the right side of <strong id="mrs_01_1858__b17146152743316">table</strong>, enter or select the corresponding table. On the right side of <strong id="mrs_01_1858__b5147827193311">column</strong>, enter a column and select <strong id="mrs_01_1858__b41474278337">*</strong>.</li><li id="mrs_01_1858__li9370630154420">In the <strong id="mrs_01_1858__b158941511513">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b13899171253">Select User</strong> drop-down list.</li><li id="mrs_01_1858__li537043094418">Click <strong id="mrs_01_1858__b1139739518">Add Permissions</strong> and select <strong id="mrs_01_1858__b1213913654">update</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__row208461944104814"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__p6846244144814"><strong id="mrs_01_1858__b745845317516">INSERT</strong> and <strong id="mrs_01_1858__b2538457145512">DELETE</strong> operations</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__ol1943920278504"><li id="mrs_01_1858__li1768413178452">Enter the policy name in <strong id="mrs_01_1858__b535812550515">Policy Name</strong>.</li><li id="mrs_01_1858__li1668431764510">On the right side of <strong id="mrs_01_1858__b581313420231">database</strong>, enter or select the corresponding database. On the right side of <strong id="mrs_01_1858__b2819174214234">table</strong>, enter or select the corresponding table. On the right side of <strong id="mrs_01_1858__b4820842102318">column</strong>, enter a column and select <strong id="mrs_01_1858__b3821154216231">*</strong>.</li><li id="mrs_01_1858__li11684191718454">In the <strong id="mrs_01_1858__b71191820968">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b012415201611">Select User</strong> drop-down list.</li><li id="mrs_01_1858__li136846177456">Click <strong id="mrs_01_1858__b21978283620">Add Permissions</strong> and select <strong id="mrs_01_1858__b192024281767">update</strong>.</li><li id="mrs_01_1858__li134102491743">Configure the <strong id="mrs_01_1858__b1027382914611">submit</strong> permission on the Yarn task queue. For details about how to configure the permission, see <a href="mrs_01_1859.html">Adding a Ranger Access Permission Policy for Yarn</a>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__row18471749134810"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__p188473491486">GRANT/REVOKE operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__ol19483751105320"><li id="mrs_01_1858__li1268101913594">Enter the policy name in <strong id="mrs_01_1858__b9215649361">Policy Name</strong>.</li><li id="mrs_01_1858__li162694192596">On the right side of <strong id="mrs_01_1858__b12697183292317">database</strong>, enter or select the corresponding database. On the right side of <strong id="mrs_01_1858__b47021132132314">table</strong>, enter or select the corresponding table. On the right side of <strong id="mrs_01_1858__b57031032132319">column</strong>, enter a column and select <strong id="mrs_01_1858__b57031532102319">*</strong>.</li><li id="mrs_01_1858__li32691199592">In the <strong id="mrs_01_1858__b121267591661">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b713135919617">Select User</strong> drop-down list.</li><li id="mrs_01_1858__li162695198593">Select <strong id="mrs_01_1858__b6295901577">Delegate Admin</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__row5871155414815"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__p387195434818">ADD JAR operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__ol10597126501"><li id="mrs_01_1858__li1752610295174">Enter the policy name in <strong id="mrs_01_1858__b297157471">Policy Name</strong>.</li><li id="mrs_01_1858__li552612981710">Click <strong id="mrs_01_1858__b646178974">database</strong>, and select <strong id="mrs_01_1858__b0468814711">global</strong> from the drop-down list. On the right of <strong id="mrs_01_1858__b1038115102720">global</strong>, enter related information or select <strong id="mrs_01_1858__b1238111103714">*</strong>.</li><li id="mrs_01_1858__li12526129171713">In the <strong id="mrs_01_1858__b427814171179">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b828311171274">Select User</strong> drop-down list.</li><li id="mrs_01_1858__li185267299177">Click <strong id="mrs_01_1858__b158151017183116">Add Permissions</strong> and select <strong id="mrs_01_1858__b20506122033118">Temporary UDF Admin</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__row1360292513215"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__p150574217197">UDF operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__ol14308130174920"><li id="mrs_01_1858__li1930873014497">Enter the policy name in <strong id="mrs_01_1858__b385014829">Policy Name</strong>.</li><li id="mrs_01_1858__li15308030154915">Enter or select the corresponding database on the right of <strong id="mrs_01_1858__b1371844318360">database</strong>, and enter the corresponding udf function name on the right of <strong id="mrs_01_1858__b9796633153619">udf</strong>.</li><li id="mrs_01_1858__li14309130164912">In the <strong id="mrs_01_1858__b248208057">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b484560080">Select User</strong> drop-down list.</li><li id="mrs_01_1858__li12309530184910">Click <strong id="mrs_01_1858__b1910834818367">Add Permissions</strong> and select required permissions for the user (<strong id="mrs_01_1858__b1286545311368">udf</strong> supports the <strong id="mrs_01_1858__b12443431171310">Create</strong>, <strong id="mrs_01_1858__b137462447139">select</strong>, and <strong id="mrs_01_1858__b174022434136">Drop</strong> permissions).</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__row16378165814810"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__p1437835844819">VIEW operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__ol9638145913412"><li id="mrs_01_1858__li26390594343">Enter the policy name in <strong id="mrs_01_1858__b33505363719">Policy Name</strong>.</li><li id="mrs_01_1858__li163916596347">On the right side of <strong id="mrs_01_1858__b3246138102417">database</strong>, enter or select the corresponding database. On the right side of <strong id="mrs_01_1858__b82523819240">table</strong>, enter or select the corresponding table to be viewed. On the right side of <strong id="mrs_01_1858__b192529814249">column</strong>, enter a column and select <strong id="mrs_01_1858__b20253108112413">*</strong>.</li><li id="mrs_01_1858__li1390813261377">In the <strong id="mrs_01_1858__b97701140773">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1858__b6770194011720">Select User</strong> drop-down list.</li><li id="mrs_01_1858__li1390862613378">Click <strong id="mrs_01_1858__b184277421174">Add Permissions</strong> and select permissions for the user as required.</li></ol>
</td>
</tr>
<tr id="mrs_01_1858__row17534561714"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__p6548561814">dfs command operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><p id="mrs_01_1858__p155420564117">The <strong id="mrs_01_1858__b27950211216">dfs</strong> operation can be performed only after you have run the <strong id="mrs_01_1858__b1695619595113">set role admin</strong> command.</p>
</td>
</tr>
<tr id="mrs_01_1858__row198956194913"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1858__p1089513118499">Operations on other user database tables</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1858__ol760625883917"><li id="mrs_01_1858__li572424194017">Perform the preceding operations to add the corresponding permissions.</li><li id="mrs_01_1858__li15606145843912">Grant the read, write, and execution permissions on the HDFS paths of other user database tables to the user. For details, see <a href="mrs_01_1856.html">Adding a Ranger Access Permission Policy for HDFS</a>.</li></ol>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="mrs_01_1858__note1850774416434"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="mrs_01_1858__ul87915587118"><li id="mrs_01_1858__li1979115810112">If you specify an HDFS path when running commands, you must be granted the read, write, and execute permissions on the HDFS paths. For details, see <a href="mrs_01_1856.html">Adding a Ranger Access Permission Policy for HDFS</a>. You do not need to configure the Ranger policy of HDFS. You can use the Hive permission plug-in to add permissions to the role and assign the role to the corresponding user. If the HDFS Ranger policy can match the file or directory permission of the Hive database table, the HDFS Ranger policy takes precedence.</li><li id="mrs_01_1858__li128966335333">The URL policy in the Ranger policy is used when the Hive table is stored on OBS. Set the URL to the complete path of the object on OBS. The Read and Write permissions are used together with the URL. URL policies are not used in other scenarios.</li><li id="mrs_01_1858__li1541362420379">The global policy in the Ranger policy is used only with the <strong id="mrs_01_1858__b6538420203815">Temporary UDF Admin</strong> permission to control the upload of UDF packages.</li><li id="mrs_01_1858__li146513415390">The <strong id="mrs_01_1858__b12641443123812">hiveservice</strong> policy in the Ranger policy is used only with the <strong id="mrs_01_1858__b144994811386">Service Admin</strong> permission to control who can run the <strong id="mrs_01_1858__b75101455143811">kill query &lt;queryId&gt;</strong> command to end a task that is being executed.</li><li id="mrs_01_1858__li11664173812421">The <strong id="mrs_01_1858__b3121171043912">lock</strong>, <strong id="mrs_01_1858__b65566122395">index</strong>, <strong id="mrs_01_1858__b185471016153914">refresh</strong>, and <strong id="mrs_01_1858__b1083921817390">replAdmin</strong> permissions are not supported.</li><li id="mrs_01_1858__li125521329143420">Run the <strong id="mrs_01_1858__b2220155954710">show grant</strong> command to view the table permission. The <strong id="mrs_01_1858__b88817722815">grantor</strong> column of the table <strong id="mrs_01_1858__b5120111218289">owner</strong> is displayed as user <strong id="mrs_01_1858__b952818232285">hive</strong>. If the Ranger page or the <strong id="mrs_01_1858__b1330535203019">grant</strong> command is used to grant permissions in the background, the <strong id="mrs_01_1858__b162647171312">grantor</strong> column is displayed as the corresponding user. To view the result of using the Hive permission plug-in, set <strong id="mrs_01_1858__b1282510548316">hive-ext.ranger.previous.privileges.enable</strong> to <strong id="mrs_01_1858__b129521053214">true</strong> and run the <strong id="mrs_01_1858__b97690816324">show grant</strong> command.</li></ul>
</div></div>
</p></li><li id="mrs_01_1858__li18337132412418"><span>Click <strong id="mrs_01_1858__b111127431185">Add</strong> to view the basic information about the policy in the policy list. After the policy takes effect, verify that the related permissions work as expected.</span><p><p id="mrs_01_1858__en-us_topic_0241932507_p63219632216">To disable a policy, click <span><img id="mrs_01_1858__en-us_topic_0241932507_image1876104732217" src="en-us_image_0000001349289353.png"></span> to edit the policy and set it to <strong id="mrs_01_1858__b776815015815">Disabled</strong>.</p>
<p id="mrs_01_1858__en-us_topic_0241932507_p1156483182316">If a policy is no longer used, click <span><img id="mrs_01_1858__en-us_topic_0241932507_image79841567249" src="en-us_image_0000001296090044.png"></span> to delete it.</p>
</p></li></ol>
</div>
<div class="section" id="mrs_01_1858__section13736165383316"><h4 class="sectiontitle">Hive Data Masking</h4><p id="mrs_01_1858__p3789205973315">Ranger supports data masking for Hive data. It processes the result returned by a <strong id="mrs_01_1858__b12566161611918">select</strong> operation to mask sensitive information.</p>
<ol id="mrs_01_1858__ol14761626161412"><li id="mrs_01_1858__li7576119125116"><span>Log in to the Ranger web UI. Click <strong id="mrs_01_1858__b142742026194418">Hive</strong> in the <strong id="mrs_01_1858__b12741264447">HADOOP SQL</strong> area on the homepage.</span><p><p id="mrs_01_1858__p198917341483"><span><img id="mrs_01_1858__image898917342816" src="en-us_image_0000001439293525.png"></span></p>
</p></li><li id="mrs_01_1858__li176626161415"><span>On the <strong id="mrs_01_1858__b143831430141210">Masking</strong> tab page, click <strong id="mrs_01_1858__b15384113031218">Add New Policy</strong> to add a Hive data masking policy.</span><p><p id="mrs_01_1858__p18391550103514"><span><img id="mrs_01_1858__image103975033517" src="en-us_image_0000001295770260.png"></span></p>
</p></li><li id="mrs_01_1858__li6626120121517"><span>Configure the parameters listed in the table below based on the service demands.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1858__table1491812011519" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Hive data masking parameters</caption><thead align="left"><tr id="mrs_01_1858__row3918520101513"><th align="left" class="cellrowborder" valign="top" width="22.45%" id="mcps1.3.4.3.3.2.1.2.3.1.1"><p id="mrs_01_1858__p1391862041510">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="77.55%" id="mcps1.3.4.3.3.2.1.2.3.1.2"><p id="mrs_01_1858__p20918202018155">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1858__row1991814204152"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p2918132081514">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p5255520152515">Policy name, which can be customized and must be unique in the service.</p>
</td>
</tr>
<tr id="mrs_01_1858__row19999103832616"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p20003992615">Policy Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p3577427104515">IP address filtering policy, which can be customized. You can enter one or more IP addresses or IP address segments. The IP address can contain the wildcard character (*), for example, <strong id="mrs_01_1858__b9982154191118">192.168.1.10</strong>, <strong id="mrs_01_1858__b79827414111">192.168.1.20</strong>, or <strong id="mrs_01_1858__b198216416118">192.168.1.*</strong>.</p>
</td>
</tr>
<tr id="mrs_01_1858__row19412189191"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p17135151110915">Policy Label</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p513517117917">A label specified for the current policy. You can search for reports and filter policies based on labels.</p>
</td>
</tr>
<tr id="mrs_01_1858__row149181120191510"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p1891982012151">Hive Database</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p1791982021512">Name of the Hive database to which the current policy applies.</p>
</td>
</tr>
<tr id="mrs_01_1858__row1791952061519"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p191920207151">Hive Table</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p6919192011151">Name of the Hive table to which the current policy applies.</p>
</td>
</tr>
<tr id="mrs_01_1858__row19919120171511"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p89197208154">Hive Column</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p18919720111520">Column name.</p>
</td>
</tr>
<tr id="mrs_01_1858__row15781105116259"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p6553553192517">Description</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p75531053202512">Policy description.</p>
</td>
</tr>
<tr id="mrs_01_1858__row391952071518"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p255305315254">Audit Logging</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p175531753112510">Whether to audit the policy.</p>
</td>
</tr>
<tr id="mrs_01_1858__row9919192017152"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p1691914209154">Mask Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p20919320131514">In the <strong id="mrs_01_1858__b572694711116">Select Role</strong>, <strong id="mrs_01_1858__b6730124731118">Select Group</strong>, and <strong id="mrs_01_1858__b107314478112">Select User</strong> columns, select the object to which the permission is to be granted, click <strong id="mrs_01_1858__b9731174720117">Add Conditions</strong>, add the IP address range to which the policy applies, then click <strong id="mrs_01_1858__b473119472118">Add Permissions</strong>, and select <strong id="mrs_01_1858__b913115598124">select</strong>.</p>
<p id="mrs_01_1858__p699541513175">Click <strong id="mrs_01_1858__b9803733227">Select Masking Option</strong> and select a data masking policy.</p>
<ul id="mrs_01_1858__ul16919420131516"><li id="mrs_01_1858__li69191820181516">Redact: Use <strong id="mrs_01_1858__b14801012142211">x</strong> to mask all letters and <strong id="mrs_01_1858__b108616122227">n</strong> to mask all digits.</li><li id="mrs_01_1858__li17919182071514">Partial mask: show last 4: Only the last four characters are displayed, and the remaining characters are replaced with <strong id="mrs_01_1858__b1357115251223">x</strong>.</li><li id="mrs_01_1858__li2919192091520">Partial mask: show first 4: Only the first four characters are displayed, and the remaining characters are replaced with <strong id="mrs_01_1858__b1090154710239">x</strong>.</li><li id="mrs_01_1858__li591922019159">Hash: Replace the original value with the hash value. The Hive built-in function <strong id="mrs_01_1858__b2038553905413">mask_hash</strong> is used. This is valid only for fields of the string, character, and varchar types. NULL is returned for fields of other types.</li><li id="mrs_01_1858__li18919192013156">Nullify: Replace the original value with the NULL value.</li><li id="mrs_01_1858__li39190202151">Unmasked (retain original value): Keep the original value.</li><li id="mrs_01_1858__li16919820151510">Date: show only year: Only the year part of the date string is displayed, and the month and day default to January 1 (<strong id="mrs_01_1858__b17445161612717">01/01</strong>).</li><li id="mrs_01_1858__li13919182021516">Custom: Define a custom masking policy using any valid expression whose return data type is the same as the data type of the masked column.</li></ul>
<p id="mrs_01_1858__p17919420191510">To add a multi-column masking policy, click <span><img id="mrs_01_1858__image139191520151519" src="en-us_image_0000001349169785.png"></span>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="mrs_01_1858__li215401516232"><span>Click <strong id="mrs_01_1858__b5205165862718">Add</strong> to view the basic information about the policy in the policy list.</span></li><li id="mrs_01_1858__li2246435202617"><span>After you perform the <strong id="mrs_01_1858__b166662162815">select</strong> operation on a table configured with a data masking policy on the Hive client, the system processes and displays the data.</span><p><div class="note" id="mrs_01_1858__note1065810397274"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_1858__p9658439142714">To process data, you must have the permission to submit tasks to the Yarn queue.</p>
</div></div>
</p></li></ol>
</div>
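<p>The masking options in Table 3, modelled in Python on a constructed row so that the effect of a multi-column masking policy can be previewed. This is an added example, not Ranger or Hive code: the function names, the sample row, the use of SHA-256 for the hash, and leaving separators unmasked in partial masks are assumptions.</p>

```python
import hashlib
from datetime import date


def _x(text):
    # Assumption: letters and digits become 'x'; separators are left as-is.
    return "".join("x" if c.isalnum() else c for c in text)


def redact(value):
    """Redact: 'x' for every letter, 'n' for every digit."""
    return "".join("x" if c.isalpha() else "n" if c.isdigit() else c for c in value)


def show_last_4(value):
    """Show last 4: values of four characters or fewer stay fully visible."""
    return _x(value[:-4]) + value[-4:]


def show_first_4(value):
    """Show first 4: everything after the fourth character is masked."""
    return value[:4] + _x(value[4:])


def mask_hash(value):
    """Hash: strings only; other types yield NULL (None). SHA-256 is assumed."""
    if not isinstance(value, str):
        return None
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def date_show_year(value):
    """Date: keep the year, reset month and day to 01/01."""
    return date(value.year, 1, 1)


MASKS = {
    "Redact": redact,
    "Partial mask: show last 4": show_last_4,
    "Partial mask: show first 4": show_first_4,
    "Hash": mask_hash,
    "Nullify": lambda value: None,
    "Unmasked (retain original value)": lambda value: value,
    "Date: show only year": date_show_year,
}


def mask_row(row, column_masks):
    """Apply one masking option per column, as a multi-column policy would."""
    return {col: MASKS[column_masks[col]](val) if col in column_masks else val
            for col, val in row.items()}


# Constructed sample row and policy (hypothetical column names).
ROW = {"name": "zhangsan", "card": "6222021234567890", "pin": "0042",
       "salary": 18500, "hired": date(2021, 7, 19)}
POLICY = {"name": "Redact", "card": "Partial mask: show last 4",
          "pin": "Partial mask: show last 4", "salary": "Hash",
          "hired": "Date: show only year"}

if __name__ == "__main__":
    for column, value in mask_row(ROW, POLICY).items():
        print(f"{column:7} {value}")
```

<p>In this model the four-character <strong>pin</strong> value is returned unmasked by the show-last-4 option, and the numeric <strong>salary</strong> column becomes NULL under Hash, so choose the option per column type and length.</p>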
<div class="section" id="mrs_01_1858__section33651529649"><h4 class="sectiontitle">Hive Row-Level Data Filtering</h4><p id="mrs_01_1858__p1631710378412">Ranger allows you to filter data at the row level when you perform the <strong id="mrs_01_1858__b523922813283">select</strong> operation on Hive data tables.</p>
<ol id="mrs_01_1858__ol147024123710"><li id="mrs_01_1858__li1170251218717"><span>Log in to the Ranger web UI. Click <strong id="mrs_01_1858__b14839205161615">Hive</strong> in the <strong id="mrs_01_1858__b12840659166">HADOOP SQL</strong> area on the homepage.</span></li><li id="mrs_01_1858__li370281216712"><span>On the <strong id="mrs_01_1858__b486213619282">Row Level Filter</strong> tab page, click <strong id="mrs_01_1858__b1686818361288">Add New Policy</strong> to add a row data filtering policy.</span><p><p id="mrs_01_1858__p112741641163416"><span><img id="mrs_01_1858__image10274104110340" src="en-us_image_0000001349289365.png"></span></p>
</p></li><li id="mrs_01_1858__li6702171214720"><span>Configure the parameters listed in the table below based on the service demands.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1858__table1702201213710" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Parameters for filtering Hive row data</caption><thead align="left"><tr id="mrs_01_1858__row1470213121177"><th align="left" class="cellrowborder" valign="top" width="22.45%" id="mcps1.3.5.3.3.2.1.2.3.1.1"><p id="mrs_01_1858__p670217121076">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="77.55%" id="mcps1.3.5.3.3.2.1.2.3.1.2"><p id="mrs_01_1858__p87021612578">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1858__row0702212776"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p107024123717">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p20703912179">Policy name, which can be customized and must be unique in the service.</p>
</td>
</tr>
<tr id="mrs_01_1858__row89251570400"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p119259713409">Policy Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p1925672408">IP address filtering policy, which can be customized. You can enter one or more IP addresses or IP address segments. The IP address can contain the wildcard character (*), for example, <strong id="mrs_01_1858__b1592217489111">192.168.1.10</strong>, <strong id="mrs_01_1858__b1192334891110">192.168.1.20</strong>, or <strong id="mrs_01_1858__b492317481114">192.168.1.*</strong>.</p>
</td>
</tr>
<tr id="mrs_01_1858__row13855184111911"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p1770311427911">Policy Label</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p12703144211912">A label specified for the current policy. You can search for reports and filter policies based on labels.</p>
</td>
</tr>
<tr id="mrs_01_1858__row1870313121875"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p67038121179">Hive Database</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p1070312121374">Name of the Hive database to which the current policy applies.</p>
</td>
</tr>
<tr id="mrs_01_1858__row1870310124719"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p5703212976">Hive Table</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p15703512375">Name of the Hive table to which the current policy applies.</p>
</td>
</tr>
<tr id="mrs_01_1858__row6703121211712"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p5703191217719">Description</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p37036121574">Policy description.</p>
</td>
</tr>
<tr id="mrs_01_1858__row1470315123717"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p1670319122072">Audit Logging</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p1670312128718">Whether to audit the policy.</p>
</td>
</tr>
<tr id="mrs_01_1858__row12703912273"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1858__p127039121176">Row Filter Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1858__p1670316121671">In the <strong id="mrs_01_1858__b950517613133">Select Role</strong>, <strong id="mrs_01_1858__b950611611317">Select Group</strong>, and <strong id="mrs_01_1858__b2506765137">Select User</strong> columns, select the object to which the permission is to be granted, click <strong id="mrs_01_1858__b05061618134">Add Conditions</strong>, add the IP address range to which the policy applies, then click <strong id="mrs_01_1858__b1650714616139">Add Permissions</strong>, and select <strong id="mrs_01_1858__b2507862137">Select</strong>.</p>
<p id="mrs_01_1858__p270391213720">Click <strong id="mrs_01_1858__b4240165173310">Row Level Filter</strong> and enter data filtering rules.</p>
<p id="mrs_01_1858__p10682174391411">For example, to filter out the rows that contain <strong id="mrs_01_1858__b1653113717338">zhangsan</strong> in the <strong id="mrs_01_1858__b15361077330">name</strong> column of <strong id="mrs_01_1858__b253616713334">table A</strong>, the filtering rule is <strong id="mrs_01_1858__b6536273339">name &lt;&gt;'zhangsan'</strong>. For more information, see the official Ranger documentation.</p>
<p id="mrs_01_1858__p2070316121671">To add more rules, click <span><img id="mrs_01_1858__image11703141212710" src="en-us_image_0000001349089893.png"></span>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="mrs_01_1858__li2703212975"><span>Click <strong id="mrs_01_1858__b047783863313">Add</strong> to view the basic information about the policy in the policy list.</span></li><li id="mrs_01_1858__li6703181214713"><span>After you perform the <strong id="mrs_01_1858__b4306184711331">select</strong> operation on the Hive client on a table configured with a row-level filtering policy, the system processes and displays the data.</span><p><div class="note" id="mrs_01_1858__note1870314122076"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_1858__p137031512475">To process data, you must have the permission to submit tasks to the Yarn queue.</p>
</div></div>
</p></li></ol>
</div>
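<p>How the example rule from Table 4 behaves on edge-case rows, as an added example that is not part of the original document. SQLite stands in for Hive here because both evaluate a comparison with NULL to NULL and compare strings case-sensitively; the table name <strong>table_a</strong>, the sample rows, and the NULL-safe variant of the rule are assumptions.</p>

```python
import sqlite3

# Rule text from Table 4, and a variant that keeps rows whose name is NULL.
ROW_FILTER = "name <> 'zhangsan'"
NULL_SAFE_FILTER = "(name IS NULL OR name <> 'zhangsan')"

# Constructed sample data for a hypothetical table_a.
SAMPLE_ROWS = [(1, "zhangsan"), (2, "lisi"), (3, None), (4, "Zhangsan")]


def build_table():
    """Create an in-memory table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table_a (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO table_a VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def visible_rows(conn, row_filter):
    """Rows a filtered user sees: the rule acts as an extra WHERE predicate.

    row_filter is administrator-defined policy text (a constant here),
    never end-user input.
    """
    sql = f"SELECT id, name FROM table_a WHERE {row_filter} ORDER BY id"
    return conn.execute(sql).fetchall()


def hidden_rows(conn, row_filter):
    """Rows the rule removes, for reviewing a filter before enabling it."""
    shown = set(visible_rows(conn, row_filter))
    return [row for row in SAMPLE_ROWS if row not in shown]


if __name__ == "__main__":
    conn = build_table()
    for rule in (ROW_FILTER, NULL_SAFE_FILTER):
        print(rule)
        print("  visible:", visible_rows(conn, rule))
        print("  hidden: ", hidden_rows(conn, rule))
```

<p>The rule hides the row whose <strong>name</strong> is NULL as well as the <strong>zhangsan</strong> row, while the differently cased <strong>Zhangsan</strong> row stays visible, so review a filter against NULL and case variants before relying on it.</p>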
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1849.html">Using Ranger (MRS 3.x)</a></div>
</div>
</div>