Creating a view from Spark

You can create a view of an Apache Hive table from a Spark client, such as SparkSQL, that only authorized users can access. You learn how authorization works and how to create the view.

When you create a Spark view from a Spark client, a table parameter name Authorized is set to false because the view was created outside of HiveServer API or Ranger authorization. When you select the view, under both of the following conditions you get the results of the query; otherwise, you get an error:
  • A Ranger policy grants you access to the view.
  • A Ranger policy grants you access to the underlying Hive table.

Only Hive allows a Ranger Policy to grant access to a view on tables, which are otherwise restricted. Other engines will when querying the view, even if the view has been explicitly granted access. Exception: Spark can gain access a view/table through the Hive Warehouse Connector (HWC), as that can ensure proper authentication enforcement is in place.

  • Obtain access to the view from a superuser who can create the Ranger policy.
  • Obtain access to the underlying Hive table through a Ranger policy.
  1. In SparkSQL, create a Spark view from SparkSQL of a Hive table named, for example, employee.
    sparksql > CREATE VIEW emp_part AS SELECT name, age FROM employee;                
  2. In Hive, select the view.
    Hive > SELECT * FROM emp_part;               
    Only from Hive can you access the view. From other engines, such as Spark or Impala, authorization does not succeed.