Example: Hive Impersonation

The following examples illustrate Hive impersonation:

Example 1

  1. Log in as a non-mapr user and generate a Data Fabric ticket:
    $ su mapruser1
    $ maprlogin password
  2. Connect to HiveServer2:
    
    $ hive --service beeline
    Beeline version 2.3.3-mapr-SNAPSHOT by Apache Hive
    beeline> !connect jdbc:hive2://node4.cluster.com:10000/default;ssl=true;auth=maprsasl
    Connecting to jdbc:hive2://node4.cluster.com:10000/default;ssl=true;auth=maprsasl
    Connected to: Apache Hive (version 2.3.3-mapr-SNAPSHOT)
    Driver: Hive JDBC (version 2.3.3-mapr-SNAPSHOT)
    Transaction isolation: TRANSACTION_REPEATABLE_READ
    
  3. Create a table, and upload data:
    
    0: jdbc:hive2://node4.cluster.com:10000/defau> create table impersonation_example_first (id int, username string);
    0: jdbc:hive2://node4.cluster.com:10000/defau> insert into impersonation_example_first values (1, 'mapruser1');
    
  4. To check that impersonation works, use the following commands to check the /warehouse directory of the Data Fabric file system:
    
    $ hadoop fs -ls /user/hive/warehouse
    Found 1 items
    drwxr-xr-x   - mapruser1 mapruser1          1 2019-05-22 14:40 
    /user/hive/warehouse/impersonation_example_first
    
    $ hadoop fs -ls /user/hive/warehouse/impersonation_example_first
    Found 1 items
    -rwxrwxrwx   3 mapruser1 mapruser1         12 2019-10-15 07:21 
    /user/hive/warehouse/impersonation_example_first/000000_0
    

Example 2

  1. Generate a Data Fabric ticket for a non-mapr user.
  2. Connect through JDBC using the hive.server2.proxy.user option with a non-mapr user name as an argument:
    $ hive --service beeline
    beeline> !connect 
    jdbc:hive2://node4.cluster.com:10000/default;auth=maprsasl;ssl=true;hive.server2.proxy.user=mapruser1
    Connecting to 
    jdbc:hive2://node4.cluster.com:10000/default;auth=maprsasl;ssl=true;hive.server2.proxy.user=mapruser1
    Client: auth-conf,auth-int,auth.Using Server one
    Connected to: Apache Hive (version 2.3.3-mapr-SNAPSHOT)
    Driver: Hive JDBC (version 2.3.3-mapr-SNAPSHOT)
    Transaction isolation: TRANSACTION_REPEATABLE_READ
    
  3. Create a table and upload data:
    0: jdbc:hive2://node4.cluster.com:10000/default> create table impersonation_example_second (id int);
    0: jdbc:hive2://node4.cluster.com:10000/default> insert into table impersonation_example_second values (1), (2), (3), (5);
    
  4. Check the owner of the table and data:
    $ hadoop fs -ls /user/hive/warehouse/impersonation_example_second
    Found 1 items
    drwxrwxrwx   - mapruser1 mapruser1          1 2019-05-23 12:29 
    /user/hive/warehouse/impersonation_example_second
    
    $ hadoop fs -ls /user/hive/warehouse/impersonation_example_second
    Found 1 items
    -rwxrwxrwx   3 mapruser1 mapruser1          8 2019-05-23 12:29 
    /user/hive/warehouse/impersonation_example_second/000000_0