[ https://issues.apache.org/jira/browse/RANGER-2128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16544855#comment-16544855
]
Kent Yao commented on RANGER-2128:
----------------------------------
My env is a fully kerberized cluster, and I ran thrift server with spark2.3.1(built-in hive)
on yarn against Apache Hadoop2.7.3/Hive Metastore Server2.1/ranger0.5.3-rc3
With the below secure options
{code:java}
hive.security.authorization.manager=org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
hive.security.metastore.authenticator.manager=org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator
hive.security.metastore.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider
hive.server2.authentication=KERBEROS
hive.server2.enable.doAs=false
{code}
Only works for single user who start the server, fails to switch user
The exception is related to the thrift server do "use:database" action during opening session,
which will call sparksession.sql("use default"), AFAIK once it is executed the Isolated Hive
classloader will be turned off
> Implement SparkSQL plugin
> -------------------------
>
> Key: RANGER-2128
> URL: https://issues.apache.org/jira/browse/RANGER-2128
> Project: Ranger
> Issue Type: New Feature
> Components: plugins, Ranger
> Affects Versions: 1.1.0
> Reporter: t oo
> Assignee: Kent Yao
> Priority: Major
> Fix For: 2.0.0
>
> Attachments: support_ranger11.tgz
>
>
> Implement SparkSQL plugin
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
|