Hive LLAP shares and caches data across many users like other MPP or database
technologies do. Older file-based security controls do not work with Hive and impersonation
(doAs=true) is not supported by Hive LLAP. You need to use Apache Ranger, disable
impersonation (doAs=false) to secure Hive LLAP, and restrict underlying file access using
Ranger policies, so that Hive can access data but unprivileged users cannot.
Enable Apache Ranger security policies.
Set doAs=false in Ambari by setting the Run as end user instead of Hive user to False:
In Ambari, select Services > Hive > Configs, and set options as
follows:
On the command line, set hive.server2.enable.doAs=false.
