Security
Also available as:
PDF
loading table of contents...

Create a Hive Policy

To add a new policy to an existing Hive service:

  1. On the Service Manager page, select an existing service under Hive.

    The List of Policies page appears.

  2. Click Add New Policy.

    The Create Policy page appears.

  3. Complete the Create Policy page as follows:

    Table 3.46. Policy Details

    FieldDescription
    Policy NameEnter an appropriate policy name. This name cannot be duplicated across the system. This field is mandatory. The policy is enabled by default.
    Table/UDF Drop-down

    To continue adding a table-based policy, keep Table selected. To add a User Defined Function (UDF), select UDF.

    Type in the applicable table name. The autocomplete feature displays available tables based on the entered text.

    Include is selected by default to allow access. Select Exclude to deny access.

    Hive Column

    Type in the applicable Hive column name. The autocomplete feature displays available columns based on the entered text.

    Include is selected by default to allow access. Select Exclude to deny access.

    Hive Database

    Type in the applicable database name. The autocomplete feature displays available databases based on the entered text.

    Include is selected by default to allow access. Select Exclude to deny access..

    Description(Optional) Describe the purpose of the policy.
    Audit LoggingSpecify whether this policy is audited. (De-select to disable auditing).


    Table 3.47. Allow Conditions

    Label

    Description

    Select Group

    Specify a group to which this policy applies. To designate the group as an Administrator for the chosen resource, select the Delegate Admin check box. (Administrators can create child policies based on existing policies).

    The public group contains all users, so granting access to the public group grants access to all users.

    Select UserSpecify one or more users to which this policy applies. To designate the group as an Administrator for the chosen resource, select the Delegate Admin check box. (Administrators can create child policies based on existing policies).
    PermissionsAdd or edit permissions: Select, Update, Create, Drop, Alter, Index, Lock, All, Select/Deselect All.
    Delegate AdminWhen Delegate Admin is selected, administrative privileges are assigned to the applicable users and groups. Delegated administrators can update and delete policies, and can also create child policies based on the original policy.


  4. You can use the Plus (+) symbol to add additional conditions. Conditions are evaluated in the order listed in the policy. The condition at the top of the list is applied first, then the second, then the third, and so on.

  5. Click Add.

[Note]Note

The Ranger Hive plugin only protects HiveServer2; Hive CLI is not supported by Ranger.