Creating secure external tables
A step-by-step procedure shows you how to create a secure external table using SERDEPROPERTIES or TBLPROPERTIES and Ranger policies.
In this case, the URI sent for ranger Authentication is
Create table foo_ext(i int) stored by 'org.apache.hadoop.hive.hbase.HBaseStorageHandler' with serdeproperties ("hbase.columns.mapping"="cf:string", "hbase.table.name"="hbase_table_0”);
hbase://hostclustername:2181/hbase_table_0/cf. In this procedure, you create a Hadoop SQL policy in Ranger that provides the following authorizations:
- Authorizes the end user against the location of the external table.
For example, in Ranger create an HDFS policy to give read, write, and execute permissions to
- Authorizes the end user against the URI used in the table creation statement.
For example, in Ranger set a SQL policy to give create/alter/drop privileges on hbase://hostname:portnumber/hbase_table_0.
- Authorizes the user hive to access the HBase table.
For example, in Ranger set an HBase policy to have full access to hbase://hostname/hbase_table_0.
By default, the capability to create StorageHandler-based tables is turned off. Required Ranger features changes might not be available in your environment.
- Check that you have required Ranger features as described in the next topic.
- Enable authorization of StorageHandler based tables as described in the subsequent topic.
Go to Ranger all - storage-type,
, enter a policy name, and
click the numerical link for For example, click 11 in the screenshot below.
- In Edit Policy, select storage-type, type hbase, and then select hbase to set the storage type to hbase.
In Storage URL, type the URI format for the table.
For example, type hbase-cluster:port/hbase-table.
Add permissions for users or groups to create a table on the table storage
For example, select Create Table on Storage.