After configuring Ranger to integrate with the Hive Metastore, the next step is to define and apply Ranger policies to secure the Hive Metastore access.
Ranger policies for the Hive Metastore allow you to control access to various Hive resources, such as databases, tables, and columns. You can define policies based on the following criteria:
- Users/Groups: Specify the users or groups who should have access to the Hive resources.
- Permissions: Define the type of access (read, write, create, drop) that should be granted or denied.
- Resources: Select the specific Hive databases, tables, or columns that the policy should apply to.
- Log in to the Ranger Admin UI:
  - Access the Ranger Admin console, typically available at `http://<ranger-admin-host>:6080`.
- Navigate to the Hive Service:
  - In the Ranger Admin UI, locate the "Hive" service and click on it to manage the Hive-related policies.
- Create a New Hive Policy:
  - Click on the "Add New Policy" button to create a new Hive policy.
  - Provide a meaningful name for the policy, such as "Restrict access to sensitive Hive tables".
- Configure the Policy Details:
  - Resources: Select the Hive databases, tables, or columns that the policy should apply to. You can use wildcards (e.g., `db_name.*`) to apply the policy to multiple resources.
  - Users/Groups: Specify the users or groups who should have access to the selected Hive resources.
  - Permissions: Choose the appropriate permissions (read, write, create, drop) that should be granted or denied for the selected users/groups.
- Review and Save the Policy:
  - Review the policy details to ensure they match your security requirements.
  - Click "Add" to save the policy.
```mermaid
graph LR
    A[Ranger Admin UI] --> B[Hive Service]
    B --> C[Create New Policy]
    C --> D[Policy Configuration]
    D --> E[Resources]
    D --> F[Users/Groups]
    D --> G[Permissions]
    E --> H[Databases, Tables, Columns]
    F --> I[Authorized Users/Groups]
    G --> J[Read, Write, Create, Drop]
```
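The policy configured in the steps above can also be kept as data and checked before it is saved. The following is an added example, not part of the original tutorial or of Ranger itself: it builds the policy in Ranger's policy JSON layout and runs the "review" step as code. The service, database, table and group names are hypothetical, and mapping the page's read/write to Ranger's Hive access types `select`/`update` is an assumption of this example.

```python
import json

# Assumption: the page's read/write correspond to Ranger's Hive access types select/update.
ACCESS_MAP = {"read": "select", "write": "update", "create": "create", "drop": "drop"}

def build_hive_policy(service, name, database, table="*", column="*",
                      users=(), groups=(), permissions=("read",)):
    """Build an allow policy in Ranger's policy JSON layout."""
    unknown = set(permissions) - set(ACCESS_MAP)
    if unknown:
        raise ValueError(f"unsupported permissions: {sorted(unknown)}")
    if not users and not groups:
        raise ValueError("policy must name at least one user or group")

    def res(value):
        return {"values": [value], "isExcludes": False, "isRecursive": False}

    return {
        "service": service, "name": name,
        "isEnabled": True, "isAuditEnabled": True,
        "resources": {"database": res(database), "table": res(table), "column": res(column)},
        "policyItems": [{
            "users": list(users), "groups": list(groups),
            "accesses": [{"type": ACCESS_MAP[p], "isAllowed": True} for p in permissions],
            "delegateAdmin": False,
        }],
    }

def review_policy(policy):
    """Return findings worth a second look before the policy is saved."""
    findings = []
    if "*" in policy["resources"]["database"]["values"]:
        findings.append("database wildcard: policy covers every database")
    if not policy.get("isAuditEnabled"):
        findings.append("audit logging disabled")
    for item in policy["policyItems"]:
        if "public" in item["groups"]:
            findings.append("group 'public' matches all users")
        if item.get("delegateAdmin"):
            findings.append("delegateAdmin lets grantees re-grant access")
        if any(a["type"] == "drop" for a in item["accesses"]):
            findings.append("drop granted: grantees can delete objects")
    return findings

if __name__ == "__main__":
    # Constructed sample values: service, database, table and group names are hypothetical.
    policy = build_hive_policy("hive_service", "Restrict access to sensitive Hive tables",
                               "finance", table="salaries", groups=["finance_analysts"])
    print(json.dumps(policy, indent=2))
    print(review_policy(policy))
```

A narrowly scoped policy returns no findings, while a wildcard database combined with the `public` group and `drop` returns one finding for each.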
By creating and applying Ranger policies for the Hive Metastore, you can ensure that only authorized users and applications can access and manipulate the metadata stored in the Hive Metastore, enhancing the overall security of your Hadoop ecosystem.