Accessing Hive files on Ozone

You need to learn how to set up two policies to give users access Hive external files on Ozone. For example, if Ozone users are running SparkSQL statements that query Hive files, you must set up an Ozone access policy and Ozone file system access policy.

First you enable Ozone in the Ranger service, and then you set up the policies.

  1. In Cloudera Manager, click Ozone > Configuration, search for ranger_service, and enable it.
  2. Click Clusters > Ranger > Ranger Admin web UI, enter your user name and password, then click Sign In.
  3. In Service Manager, click Ozone + to add an Ozone policy.
  4. Select an "all - volume, bucket, key" policy, and provide a policy name, volume, bucket, and key.
  5. Set allow and deny permissions in the Ozone policy for the hive user, and save.
    Permissions to read the volume in the Ozone repo are required. For more information, see Using Ranger with Ozone.
  6. In Service Manager, click Hadoop SQL +.
  7. Select url.
  8. Provide a policy name and Ozone URL, for example 03fs://test/buck1.
  9. Set the allow and deny conditions in the Hadoop SQL policy, and save.
    In Allow and Deny Conditions, you can select users and groups in addition to the default (hive, hue, and a few others) who are subject to allow and deny conditions.To grant everyone access, select the group list public. Every user is then subject to your allow and deny conditions.