2. Hive

[Important]Important

You should not use the Hive CLI after enabling the Ranger Hive plugin. The Hive CLI is not supported in HDP-2.2.0 and higher versions, and may break the install or lead to other unpredictable behavior. Instead, you should use the HiveServer2 Beeline CLI.

To enable the Ranger Hive plugin, perform the steps described below.

  1. Navigate to the Hive service.

  2. Click on the Config tab.

  3. In the Config tab, navigate to advanced ranger-hive-plugin-properties.

  4. Enter values in the fields listed in the Ranger Hive Settings table shown below.

  5. Make sure to select the Enable Ranger for Hive check box.

  6. When you select this check box, a warning dialog will appear.

  7. Click Apply to save these changes.

  8. Ambari will present a restart indicator. Restart the Hive component.

  9. Enter values in the fields listed in the Ranger Hive Settings table shown below.

     

    Table 4.2. Hive Plugin Configuration Properties

    Configuration Property NameDescriptionDefault ValueExample ValueRequired?
    Enable Ranger for HiveFlag used to enable/disable Hive functioanlity for Ranger.FALSE Yes
    Audit to HDFSFlag used to enable/disable Hive audit logging. If Hive audit logging is turned off, it will not log any access control to HDFS.FALSE Yes
    Audit to DBFlag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access control to database.FALSE Yes
    Policy User for Hive    
    Ranger repository config password    
    Should Hive GRANT/REVOKE uspdate XA policies?Checkbox that provides the ability for the XAAgent to update the policies based on the grant/revoke commands from the Hive client.   

    common.name.

    for.certificate

        
    jdbc.driverClassName    

    SSL_KEYSTORE_

    FILE_PATH

    Java Keystore path where SSL key for the plugin is stored./etc/hive/conf/ranger-plugin-keystore.jks/etc/hive/conf/ranger-plugin-keystore.jksYes, if SSL is enabled.

    SSL_KEYSTORE_

    PASSWORD

    Password associated with the SSL Keystore. This is only used if SSL is enabled between Policy Admin Tool and Plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL not used.NoneNoneYes, if SSL is enabled.

    SSL_TRUSTSTORE_

    FILE_PATH

    The Java Keystore path where the trusted certificates are stored for verifying the SSL connection to the Policy Admin Tool. This is used only if SSL is enabled between the Policy Admin Tool ad Plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used./etc/hive/conf/ranger-plugin-truststore.jks/etc/hive/conf/ranger-plugin-truststore.jksYes, if SSL is enabled.

    SSL_TRUSTSTORE_

    PASSWORD

    The password associated with the Truststore file. This is used only if SSL is enabled between the Policy Admin Tool and Plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used.NoneNoneYes, if SSL is enabled.