You start the Hive shell using a Beeline command to query Hive as an end user
authorized by Apache Ranger. As administrator, you set up the end user in the operating
system and in Ranger.
Before starting Hive for the first time, you might want to check that you are covered
by Ranger policies required for basic operations as shown in the following steps. All users need
to use the default database, perform operations such as listing
database names, and query the information schema. The preloaded default database
tables columns and information_schema database Ranger policies cover group public
(all users). If these policies are disabled, you cannot use the default database,
perform basic operations such as listing database names, or query the information
schema. For example, if the default database tables columns policy is disabled, the
following error appears if you try to use the default database:
hive> USE default;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [hive] does not have [USE] privilege on [default]
Access the Ranger Console: click the Ranger Admin web UI link, enter your user name and password, then click Sign In.
On the far right, click Ranger > cm_hive and in Allow Conditions, edit all - database, table,
column.
Add your user or group name to Hive policies to grant full access to
Hive.
For example, add the admins group name to the list of groups that can
access Hive.
Check that the preloaded default database tables columns and
information_schema database policies are enabled for group
public.
In Environments > your environment > your cluster, click the CM-URL.
In Cloudera Manager, click Hosts > All Hosts.
Make a note of the IP address or host name of a node in your cluster, for
example myhost-vpc.cloudera.com.
Use ssh to log into the cluster.
For example:
ssh myhost-vpc.cloudera.com
You can get help about starting the Hive shell. On the command line, type
hive -h
Output
is:
Connect using simple authentication to HiveServer2 on localhost:10000
beeline -u jdbc:hive2://localhost:10000 username password
Connect using simple authentication to HiveServer2 on hs.local:10000 using -n for username and -p for password
beeline -n username -p password -u jdbc:hive2://hs2.local:10012
Connect using Kerberos authentication with hive/localhost@mydomain.com as HiveServer2 principal
beeline -u "jdbc:hive2://hs2.local:10013/default;principal=hive/localhost@mydomain.com"
Connect using SSL connection to HiveServer2 on localhost at 10000
beeline "jdbc:hive2://localhost:10000/default;ssl=true;sslTrustStore=/usr/local/truststore;trustStorePassword=mytruststorepassword"
Connect using LDAP authentication
beeline -u jdbc:hive2://hs2.local:10013/default <ldap-username> <ldap-password>
Using the fully qualified domain name or IP address a node in your cluster from Cloudera Manager > Hosts > Role(s) and looking through the list of roles to find HS2 (Hive
on Tez HiveServer2). For example:
This node has the HiveServer role, so you can use the name or IP address in
Beeline.
Start the Hive shell.
Use your user name if your cluster security is set up.
Use the user name hive and no password.
Substitute the name or IP address of your HiveServer host for
10.65.13.98.
Simple
authentiation:
beeline -u jdbc:hive2://10.65.13.98:10000 -n <your user name> -p