Configure HMS properties for authorization
As Administrator, if you have any problem with query authorization, you might need to set up Apache Hive metastore (HMS) authorization through Ranger. For example, if you configured storage-based authorization of Hive queries, and then you want to switch to authorization through Ranger, you must setup authorization through Ranger. You configure HMS properties to make this switch.
To integrate the HMS API and Ranger for authorizing queries, you need to add the
following HMS properties and values to hive-site.xml using Cloudera Manager:
- hive.metastore.pre.event.listeners
- Value:
org.apache.hadoop.hive.ql.security.authorization. \ plugin.metastore.HiveMetaStoreAuthorizer
- hive.security.authenticator.manager
- Value: org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
Add properties to hive-site.xml using the Cloudera Manager Safety Valve as described in the next section.
- In Cloudera Manager, to configure Hive Metastore properties click .
- Search for hive-site.
- In Hive Metastore Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml, click +.
- Add a property name and value.
- Repeat steps to add other properties.
- Save changes.