Privacera Ranger and Tableau — EMR Hive

Neeraj Sabharwal
Feb 7 · 2 min read

I am using the following setup to test Apache Ranger policies with Tableau for EMR Hive. The goal is to do table, column and row level access control in Tableau.

The following setup is running in my mac. EMR Hive is running and Kerberos is in place.

neeraj_mac:~ neerajsab$ kinit neerajsab@example.com

neerajsab@example.com’s password:

neeraj_mac:~ neerajsab$ klist

Credentials cache: API:56B9D7E0–6DC7–46D4–91E1–710039407C26

Principal: neerajsab@example.com

Issued Expires Principal

Feb 6 15:12:56 2020 Feb 7 01:12:56 2020 krbtgt/example.com@example.com

neeraj_mac:~ neerajsab$

The prinicipal/user neerajsab is part of KDC and I have Kerberos ticket based on realm example.com

The private IP is listed in my /etc/hosts in mac pointing to public IP of EMR master node and also, KDC master.

Connection details
neerajsab user does not have access to see database and table
added a new policy in ranger
ns_customer database and access on all the tables
neerajsab can access the database and table
Audit
All rows
Row level filter
Only rows from ‘cam%’ shows up as row level filter kicked in

Reach out to me on twitter @123nsab in case any questions.

Neeraj Sabharwal

Written by

Director of Sales Engineering @Privacera

More From Medium

Also tagged Big Data

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade