Securing Apache Hive
Also available as:
PDF

Secure LLAP in HiveServer

Hive LLAP shares and caches data across many users like other MPP or database technologies do. Older file-based security controls do not work with Hive and impersonation (doAs=true) is not supported by Hive LLAP. You need to use Apache Ranger, disable impersonation (doAs=false) to secure Hive LLAP, and restrict underlying file access using Ranger policies, so that Hive can access data but unprivileged users cannot.
  1. Enable Apache Ranger security policies.
  2. Set doAs=false in Ambari by setting the Run as end user instead of Hive user to False:
    • In Ambari, select Services > Hive > Configs, and set options as follows:
    • On the command line, set hive.server2.enable.doAs=false.