Cloudera Docs

Showing Role|Grant definitions from Ranger HiveAuthorizer

You can use beeline to show the roles granted to users, groups, and roles.

You can create roles in Ranger or in Hive. You create roles in HIVE using ROLE commands. such as CREATE ROLE, GRANT / REVOKE ROLE. You can create roles in Ranger, using the Ranger Admin Web UI, if you have Admin permissions. See related links for more information about creating roles. The Hive2 command line infterface Beeline returns role grant defnitions for a specific principal, such as a user, group or role.

Roles must be defined before using beeline to show role|grant definitions.

  1. Run beeline, (the hive2 command line interface) on the Ranger host. 
    beeline -u jdbc:hive2://<ranger_host_name>
  2. Enter valid syntax to return the role definitions for a specific principal.
    Syntax
    SHOW ROLE GRANT (USER|GROUP|ROLE) principal_name;
    where

    principal_name is USER | GROUP | ROLE name

Beeline outputs query results, as shown in following examples:

SHOW ROLE GRANT USER HDFS -> show roles for user "hdfs"

beeline output for show role grant user hdfs
SHOW ROLE GRANT ROLE -> show roles for role "ITManagers"
beeline output for show role grant role IT managers