Cloudera Docs

Configuring external file authorization

As Administrator, you need to know how to configure properties in Cloudera Manager for read and write authorization to Apache Hive external tables from Apache Spark. You also need to configure file level permissions on tables for users.

You set the following properties and values for HMS API-Ranger integration:
hive.metastore.pre.event.listeners
Value: 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore. \
                                      HiveMetaStoreAuthorizer
Configures HMS writes.
hive.security.authenticator.manager
Value: org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator

Add properties to hive-site.xml using the Cloudera Manager Safety Valve as described in the next section.

  1. In Cloudera Manager, to configure Hive Metastore properties click Clusters > Hive-1 > Configuration .
  2. Search for hive-site.
  3. In Hive Metastore Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml, click +.
  4. Add a property name and value.
  5. Repeat steps to add other properties.
  6. Save changes.
  7. Configure file level permissions on tables for users.
    Only users who have file level permissions on external tables can access external tables.