一、解压tar包
tar zxvf ranger-2.4.0-hive-plugin.tar.gz
二、修改install.propertis
POLICY_MGR_URL=http://localhost:6080
REPOSITORY_NAME=hive_repo
COMPONENT_INSTALL_DIR_NAME=/BigData/run/hive
CUSTOM_USER=hadoop
三、进行enable
[root@tv3-hadoop-01 ranger-2.4.0-hive-plugin]# ./enable-hive-plugin.sh
看到下面的内容后,已经初始化完毕,需要重启meta和hive服务
Ranger Plugin for hive has been enabled. Please restart hive to ensure that changes are effective.
nohup hive --service metastore &
nohup hive --service hiveserver2 &
四、验证服务状态
服务正常,但是权限已经受到管控,需要进行授权
[hadoop@tv3-hadoop-01 ~]$ beeline
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/home/hadoop/gf13871/apache-hive-3_1_3/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/BigData/install/hadoop-3.3.1/share/hadoop/common/lib/slf4j-log4j12-1.7.30.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Beeline version 3.1.3 by Apache Hive
beeline> !connect jdbc:hive2://tv3-hadoop-01:10000/default;principal=hadoop/tv3-hadoop-01@AB.ELONG.COM
Connecting to jdbc:hive2://tv3-hadoop-01:10000/default;principal=hadoop/tv3-hadoop-01@AB.ELONG.COM
Connected to: Apache Hive (version 3.1.3)
Driver: Hive JDBC (version 3.1.3)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://tv3-hadoop-01:10000/default> show tables;
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [hadoop] does not have [USE] privilege on [default] (state=42000,code=40000)
0: jdbc:hive2://tv3-hadoop-01:10000/default>
五、Ranger 授权
六、相关报错
6.1 测试连接时出现下面报错(待解决)
org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"]..
Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rangerlookup] does not have [USE] privilege on [Unknown resource!!].
Permission denied: user [rangerlookup] does not have [USE] privilege on [Unknown resource!!].