Managing YARN queue users

To manage users of secure YARN queues, you need to know how to configure impersonation for Ranger.

To allow access to YARN queues, as Administrator, you configure HiveServer user impersonation to false. You also need to configure hive.server2.tez.queue.access.check=true. To manage YARN queues, you need the following behavior:
  • User submits the query through HiveServer (HS2) to the YARN queue
  • Tez app starts for the user
  • Access to the YARN queue is allowed for this user.

    As administrator, you can allocate resources to different users.

Managing YARN queues under Ranger

When you use Ranger, you configure HiveServer not to use impersonation (doas=false). HiveServer authorizes only the hive user, not the connected end user, to access Hive tables and YARN queues unless you also configure the following parameter: