You need to learn how to set up two policies to give users access Hive external
files on Ozone. For example, if Ozone users are running SparkSQL statements that query Hive
files, you must set up an Ozone access policy and Ozone file system access
policy.
First you enable Ozone in the Ranger service, and then you set up the policies.
-
In Cloudera Manager, click , search for ranger_service, and enable it.
-
Click , enter your user name and
password, then click Sign
In.
-
In Service Manager, click to add an Ozone policy.
-
Select an "all - volume, bucket, key" policy, and provide a policy name,
volume, bucket, and key.
-
Set allow and deny permissions in the Ozone policy for the hive user,
and save.
-
In Service Manager, click .
-
Select url.
-
Provide a policy name and Ozone URL, for example
03fs://test/buck1
.
-
Set the allow and deny conditions in the Hadoop SQL policy, and save.
In Allow and Deny Conditions, you can select users and groups in addition to
the default (hive, hue, and a few others) who are subject to allow and deny
conditions.To grant everyone access, select the group list public. Every
user is then subject to your allow and deny conditions.