Managing YARN queue users
To manage users of secure YARN queues, you need to know how to configure impersonation for the security model you select.
hive.server2.tez.queue.access.check=true. In either case, to manage YARN queues, you need the following behavior:
- User submits the query through HiveServer (HS2) to the YARN queue
- Tez app starts for the user
- Access to the YARN queue is checked for this user.
As administrator, you can allocate resources to different users.
Managing YARN queues under Ranger
When you use Ranger, you configure HiveServer not to use impersonation
doas=false). HiveServer authorizes only the
hive user, not
the connected end user, to access Hive tables and YARN queues unless you also configure the
Managing YARN queues under SBA
As administrator, if you do not use the recommended Ranger security, you simply enable the
doAs impersonation (
doas=true) parameter to use SBA. This
action also causes HiveServer to authorize the connected user who issued the query to access YARN
queues while running the Tez application as the