Enable User Impersonation

Procedure

  1. Set the following properties in the /opt/mapr/hive/<version>/conf/hive-site.xml file on the nodes where HiveServer2 is installed: 
    <property>
  <name>hive.server2.enable.doAs</name>
  <value>true</value>
  <description>Set this property to enable impersonation in Hive Server 2</description>
</property>
<property>
  <name>hive.metastore.execute.setugi</name>
  <value>true</value>
  <description>Set this property to enable Hive Metastore service impersonation in unsecure mode. In unsecure mode, setting this property to true will cause the metastore to execute DFS operations using the client's reported user and group permissions. Note that this property must be set on both the client and server sides. If the client sets it to true and the server sets it to false, the client setting will be ignored.</description>
</property>
  2. Set the following property opt/mapr/hive/<version>/conf/hive-site.xml file on the nodes where Hive Metastore is installed: 
    <property>
  <name>hive.metastore.execute.setugi</name>
  <value>true</value>
  <description>Set this property to enable Hive Metastore service impersonation in unsecure mode. In unsecure mode, setting this property to true will cause the metastore to execute DFS operations using the client's reported user and group permissions. Note that this property must be set on both the client and server sides. If the client sets it to true and the server sets it to false, the client setting will be ignored.</description>
</property>
  3. Set the following properties in the /opt/mapr/hadoop/hadoop-<version>/conf/core-site.xml file: 
    <property>
  <name>hadoop.proxyuser.mapr.groups</name>
  <value>*</value>
  <description>Allow the superuser mapr to impersonate any member of any group</description>
</property>
<property>
  <name>hadoop.proxyuser.mapr.hosts</name>
  <value>*</value>
  <description>The superuser can connect from any host to impersonate a user</description>
</property>
  4. Create a file at $MAPR_HOME/conf/proxy/<username> for each user to impersonate. For example, to enable HiveServer2 to submit jobs to the MapR cluster as the user juser, run the following command as root on each node where HiveServer 2 is installed: 
    # mkdir $MAPR_HOME/conf/proxy
# chmod 755 $MAPR_HOME/conf/proxy
# touch $MAPR_HOME/conf/proxy/juser

Results

WARNING: The impersonated user must have write permissions to /user/hive/warehouse and /user/mapr-user/tmp/hive directories.