Disabling impersonation (doas)

As administrator, you must understand the permissions model supported in CDP Private Cloud Base is Apache Ranger.

Disable impersonation to use Ranger

When you enable Ranger, you disable user impersonation (doAs=false). This is the Hive default and Ranger is the only supported and recommended security model. Managed, ACID tables as well as external tables, secured by Ranger, are supported in this configuration. Impersonation of the end user is disabled, which is the state required by Hive for managing ACID tables.

In Cloudera Manager, click Hive on Tez > Configuration and search for (hive.server2.enable.doAs).

Uncheck Hive (Service-Wide) to disable impersonation.

With no impersonation, HiveServer authorizes only the hive user to access Hive tables.