Accessing Hive files in Ozone
Learn how to set up policies to give users access to Hive external files in Ozone. For example, if Ozone users are running SparkSQL statements that query Hive tables, you must set up an Ozone access policy and Ozone file system access policy.
When Ranger is enabled in the cluster, any user other than the default admin user, "om" requires the necessary Ranger permissions and policy updates to access the Ozone filesystem. To create a Hive external table that points to the Ozone filesystem, the "hive" user should have the required permissions in Ranger.
In this task, you first enable Ozone in the Ranger service, and then set up the required policies.
- In Cloudera Manager, click to navigate to the configuration page for Ozone.
- Search for ranger_service, and enable the property.
, enter your user name and password, then click The Service Manager for Resource Based Policies page is displayed in the Ranger console.
- Click the cm_ozone preloaded resource-based service to modify an Ozone policy.
- In the cm_ozone policies page, click the Policy ID or click Edit against the "all - volume, bucket, key" policy to modify the policy details.
In the Allow Conditions pane, add the "hive" user,
choose the necessary permissions, and then click
Click the Service Manager link in the
trail and then click the
Hadoop SQL preloaded resource-based service to update
the Hadoop SQL URL policy.
In the Hadoop SQL policies page, click the
Policy ID or click Edit against the "all - url" policy
to modify the policy details.
By default, "hive", "hue", "impala", "admin" and a few other users are provided access to all the Ozone URLs. You can select users and groups in addition to the default. To grant everyone access, add the "public" group to the group list. Every user is then subject to your allow conditions.
Also, it is recommended that you set certain Hive configurations before querying Hive tables in Ozone.