Making the Hive plugin for Ranger visible

After upgrading from HDP or CDH clusters to CDP, the Hive plugin for the Hive metastore and HiveServer appears in the Ranger Admin UI unless the upgrade left problematic configuration properties in place. You can remove the incorrect properties to fix the problem.

If the Hive plugin does not appear in the Ranger Admin UI, you need to remove the following property settings from hive-site.xml using the Safety Valve:
  • hive.security.authorization.enabled
  • hive.security.authorization.manager
  • hive.security.metastore.authorization.manager
You also need to set properties for HMS API-Ranger integration.
  1. Check to see if the Hive plugin is visible by clicking Clusters > Ranger > Ranger Admin Web UI > Audit > Plugin Status.
    The Hadoop SQL service type for the hiveMetastore and hiveServer2 applications should appear. If so, skip the next step. Your configuration is ok.
  2. Using the Cloudera Manager Safety Valve, set the following properties and values for HMS API-Ranger integration:
    • hive.metastore.pre.event.listeners

      Value: org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer

    • hive.security.authenticator.manager

      Value: org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator

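  3. If the Hadoop SQL service type and corresponding applications for Hive and Hive Metastore do not appear, remove the three properties listed at the top of this topic (hive.security.authorization.enabled, hive.security.authorization.manager, and hive.security.metastore.authorization.manager) from hive-site.xml for Hive and Hive on Tez services.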
    For example, in Cloudera Manager, click Clusters > Hive > Configurations, and search for each property. Remove the property name and value from the Safety Valve for hive-site.xml.
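
The following is an added example, not Cloudera's own tooling: a small Python check that reads hive-site.xml content and reports which of the three properties above are still present and which of the two HMS API-Ranger integration properties are missing or set to a different value. The function names, the sample XML, and the `example.LegacyAuthorizationProvider` value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Properties the page says to remove from hive-site.xml.
REMOVE = (
    "hive.security.authorization.enabled",
    "hive.security.authorization.manager",
    "hive.security.metastore.authorization.manager",
)
# Properties and values the page says to set for HMS API-Ranger integration.
REQUIRED = {
    "hive.metastore.pre.event.listeners":
        "org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer",
    "hive.security.authenticator.manager":
        "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator",
}

def load_properties(xml_text):
    """Parse Hadoop-style <configuration><property> XML into a dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(xml_text):
    """Return (properties to remove, {property: expected value} still to set)."""
    props = load_properties(xml_text)
    to_remove = [n for n in REMOVE if n in props]
    to_set = {}
    for name, expected in REQUIRED.items():
        # Assumption: the value may be a comma-separated class list.
        present = [v.strip() for v in props.get(name, "").split(",")]
        if expected not in present:
            to_set[name] = expected
    return to_remove, to_set

# Constructed sample: a leftover pre-upgrade hive-site.xml fragment.
SAMPLE = """<configuration>
  <property><name>hive.security.authorization.enabled</name><value>true</value></property>
  <property><name>hive.security.metastore.authorization.manager</name>
    <value>example.LegacyAuthorizationProvider</value></property>
  <property><name>hive.security.authenticator.manager</name>
    <value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value></property>
</configuration>"""

if __name__ == "__main__":
    to_remove, to_set = audit(SAMPLE)
    print("remove:", to_remove)
    print("set:", to_set)
```

Run it against the effective hive-site.xml for both the Hive and Hive on Tez services; an empty result for both lists means the file matches the settings described in this topic.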