Example: Hive Impersonation
The following examples illustrate Hive impersonation:
Example 1
- Log in as a non-
mapr
user and generate a Data Fabric ticket:$ su mapruser1 $ maprlogin password
- Connect to HiveServer2:
$ hive --service beeline Beeline version 2.3.3-mapr-SNAPSHOT by Apache Hive beeline> !connect jdbc:hive2://node4.cluster.com:10000/default;ssl=true;auth=maprsasl Connecting to jdbc:hive2://node4.cluster.com:10000/default;ssl=true;auth=maprsasl Connected to: Apache Hive (version 2.3.3-mapr-SNAPSHOT) Driver: Hive JDBC (version 2.3.3-mapr-SNAPSHOT) Transaction isolation: TRANSACTION_REPEATABLE_READ
- Create a table, and upload data:
0: jdbc:hive2://node4.cluster.com:10000/defau> create table impersonation_example_first (id int, username string); 0: jdbc:hive2://node4.cluster.com:10000/defau> insert into impersonation_example_first values (1, 'mapruser1');
- To check that impersonation works, use the following commands to check
the
/warehouse
directory of the Data Fabric file system:$ hadoop fs -ls /user/hive/warehouse Found 1 items drwxr-xr-x - mapruser1 mapruser1 1 2019-05-22 14:40 /user/hive/warehouse/impersonation_example_first $ hadoop fs -ls /user/hive/warehouse/impersonation_example_first Found 1 items -rwxrwxrwx 3 mapruser1 mapruser1 12 2019-10-15 07:21 /user/hive/warehouse/impersonation_example_first/000000_0
Example 2
- Generate a Data Fabric ticket for a
non-
mapr
user. - Connect through JDBC using the
hive.server2.proxy.user
option with a non-mapr
user name as an argument:$ hive --service beeline beeline> !connect jdbc:hive2://node4.cluster.com:10000/default;auth=maprsasl;ssl=true;hive.server2.proxy.user=mapruser1 Connecting to jdbc:hive2://node4.cluster.com:10000/default;auth=maprsasl;ssl=true;hive.server2.proxy.user=mapruser1 Client: auth-conf,auth-int,auth.Using Server one Connected to: Apache Hive (version 2.3.3-mapr-SNAPSHOT) Driver: Hive JDBC (version 2.3.3-mapr-SNAPSHOT) Transaction isolation: TRANSACTION_REPEATABLE_READ
- Create a table and upload
data:
0: jdbc:hive2://node4.cluster.com:10000/default> create table impersonation_example_second (id int); 0: jdbc:hive2://node4.cluster.com:10000/default> insert into table impersonation_example_second values (1), (2), (3), (5);
- Check the owner of the table and
data:
$ hadoop fs -ls /user/hive/warehouse/impersonation_example_second Found 1 items drwxrwxrwx - mapruser1 mapruser1 1 2019-05-23 12:29 /user/hive/warehouse/impersonation_example_second $ hadoop fs -ls /user/hive/warehouse/impersonation_example_second Found 1 items -rwxrwxrwx 3 mapruser1 mapruser1 8 2019-05-23 12:29 /user/hive/warehouse/impersonation_example_second/000000_0