Apache Ranger is Hortonworks authorization provider. Arcadia Enterprise supports authorization using Apache Ranger, based on the model described in What Ranger Does and How Ranger Works. Arcadia Enterprise extends this model to work with analytical views (as well as tables), available on all Arcadia connections.
Our integration enables you to use existing Ranger authorization policies, which were created for Hive, to enforce security within Arcadia Engine.
For commands and queries that reference analytical views, Arcadia Engine verifies authorization on the base table or logical view on which the analytical view was defined. There is no additional overhead of explicitly granting or managing access to analytical views.
Note the following restrictions when running Hive and Arcadia Engine with Apache Ranger authorization:
CREATE [EXTERNAL] TABLE … LOCATION
requires all privileges on all databases.
Users with appropriate HDFS permissions can use Hive to CREATE
these
types of tables.ALTER TABLE ... RENAME
requires CREATE
privilege on the
destination database.GRANT
or REVOKE
privileges. Users can issue GRANT
and REVOKE
commands
within Hive, or manage authorization using the Ranger UI.SHOW ROLES
, SHOW ROLE GRANT
GROUP
, and SHOW GRANT ROLE
commands.