Disabling impersonation (doas)
As administrator, you must understand the permissions model supported in CDP Private Cloud Base is Apache Ranger.
Disable impersonation to use Ranger
When you enable Ranger, you disable user impersonation (doAs=false
). This is
the Hive default and Ranger is the only supported and recommended security model. Managed,
ACID tables as well as external tables, secured by Ranger, are supported in this
configuration. Impersonation of the end user is disabled, which is the state required by Hive
for managing ACID tables.
In Cloudera Manager, click hive.server2.enable.doAs
).
Uncheck Hive (Service-Wide) to disable impersonation.
With no impersonation, HiveServer authorizes only the hive
user to access
Hive tables.