Cloudera Docs

Authorizing external tables

As Administrator, you need to know how to authorize users to read and write to Apache Hive external tables, which includes accessing tables using Spark SQL, Hue, and Beeline. You also need to configure file level permissions on tables for users.

You set the following properties and values for HMS API-Ranger integration:
hive.metastore.pre.event.listeners
Value: 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer
Configures HMS writes.
hive.security.authenticator.manager
Value: org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator

Add properties to hive-site.xml using the Cloudera Manager Safety Valve as described in the next section.

  1. In Cloudera Manager, to configure Hive Metastore properties click Clusters > Hive-1 > Configuration .
  2. Search for hive-site.
  3. In Hive Metastore Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml, click +.
  4. Add a property name and value.
  5. Repeat steps to add other properties.
  6. Save changes.
  7. Configure file level permissions on tables for users.
    Only users who have file level permissions on external tables can access external tables.