Cloudera Docs

Configure HMS properties for authorization

As Administrator, if you have any problem with query authorization, you might need to set up Apache Hive metastore (HMS) authorization through Ranger. For example, if you configured storage-based authorization of Hive queries, and then you want to switch to authorization through Ranger, you must setup authorization through Ranger. You configure HMS properties to make this switch.

To integrate the HMS API and Ranger for authorizing queries, you need to add the following HMS properties and values to hive-site.xml using Cloudera Manager:
hive.metastore.pre.event.listeners
Value: 
org.apache.hadoop.hive.ql.security.authorization. \
  plugin.metastore.HiveMetaStoreAuthorizer
Configures HMS writes.
hive.security.authenticator.manager
Value: org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator

Add properties to hive-site.xml using the Cloudera Manager Safety Valve as described in the next section.

  1. In Cloudera Manager, to configure Hive Metastore properties click Clusters > Hive-1 > Configuration .
  2. Search for hive-site.
  3. In Hive Metastore Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml, click +.
  4. Add a property name and value.
  5. Repeat steps to add other properties.
  6. Save changes.