Create a Hive Policy
To add a new policy to an existing Hive service:
On the Service Manager page, select an existing service under Hive.
The List of Policies page appears.
Click
.The Create Policy page appears.
Complete the Create Policy page as follows:
Table 3.46. Policy Details
Field Description Policy Name Enter an appropriate policy name. This name cannot be duplicated across the system. This field is mandatory. The policy is enabled by default. Table/UDF Drop-down To continue adding a table-based policy, keep Table selected. To add a User Defined Function (UDF), select UDF.
Type in the applicable table name. The autocomplete feature displays available tables based on the entered text.
Include is selected by default to allow access. Select Exclude to deny access.
Hive Column Type in the applicable Hive column name. The autocomplete feature displays available columns based on the entered text.
Include is selected by default to allow access. Select Exclude to deny access.
Hive Database Type in the applicable database name. The autocomplete feature displays available databases based on the entered text.
Include is selected by default to allow access. Select Exclude to deny access..
Description (Optional) Describe the purpose of the policy. Audit Logging Specify whether this policy is audited. (De-select to disable auditing). Table 3.47. Allow Conditions
Label
Description
Select Group Specify a group to which this policy applies. To designate the group as an Administrator for the chosen resource, select the Delegate Admin check box. (Administrators can create child policies based on existing policies).
The public group contains all users, so granting access to the public group grants access to all users.
Select User Specify one or more users to which this policy applies. To designate the group as an Administrator for the chosen resource, select the Delegate Admin check box. (Administrators can create child policies based on existing policies). Permissions Add or edit permissions: Select, Update, Create, Drop, Alter, Index, Lock, All, Select/Deselect All. Delegate Admin When Delegate Admin is selected, administrative privileges are assigned to the applicable users and groups. Delegated administrators can update and delete policies, and can also create child policies based on the original policy. You can use the Plus (+) symbol to add additional conditions. Conditions are evaluated in the order listed in the policy. The condition at the top of the list is applied first, then the second, then the third, and so on.
Click
.
Note | |
---|---|
The Ranger Hive plugin only protects HiveServer2; Hive CLI is not supported by Ranger. |