Privacera Documentation

Non-portal users can access restricted Privacera Platform resources

Problem: Local users on an EMR cluster who are not defined in a Privacera Portal policy can access the resources that the policy protects. This happens when Hive is used on EMR.

Cause: If a group with the same name exists both in Privacera Portal and locally on the EMR cluster, the permissions that the Privacera Portal policy assigns to the group's users are also applied to the users of the local group on the EMR cluster.

Solution:

  1. Copy the following property to the /etc/hive/conf/ranger-hive-security.xml file:

    <property>
      <name>ranger.plugin.hive.use.only.rangerGroups</name>
      <value>true</value>
    </property>

  2. Restart Hive.

    sudo service hive-server2 stop
    sudo service hive-server2 start
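To confirm that the setting from step 1 is really in place before relying on it, the following added example (not part of the Privacera documentation) parses the contents of `ranger-hive-security.xml` and reports whether the property is set to `true`. The function name, the sample documents, the case-insensitive comparison and the choice to treat conflicting duplicate entries as a failure are assumptions of this example.

```python
import sys
import xml.etree.ElementTree as ET

PROP = "ranger.plugin.hive.use.only.rangerGroups"  # property name from this page

def check_only_ranger_groups(xml_doc, name=PROP):
    """Return (ok, reason) for the contents of one ranger-hive-security.xml."""
    try:
        root = ET.fromstring(xml_doc)
    except ET.ParseError as exc:
        # Typical cause: the <property> line was pasted after </configuration>.
        return False, f"not well-formed XML: {exc}"
    if root.tag != "configuration":
        return False, f"unexpected root element <{root.tag}>"
    # Only <property> elements directly under <configuration> count. The parser
    # discards XML comments, so a commented-out entry is treated as absent.
    values = [(p.findtext("value") or "").strip().lower()
              for p in root.findall("property")
              if (p.findtext("name") or "").strip() == name]
    if not values:
        return False, f"{name} is not set"
    if len(set(values)) > 1:
        return False, f"{name} is set {len(values)} times with conflicting values"
    if values[0] != "true":
        return False, f"{name} is {values[0]!r}, expected 'true'"
    return True, f"{name} is true"

def _prop(value, name=PROP):
    return f"<property><name>{name}</name><value>{value}</value></property>"

# Constructed sample documents, not taken from a real cluster.
SAMPLES = {
    "fixed": f"<configuration>{_prop('true')}</configuration>",
    "missing": f"<configuration>{_prop('x', 'example.other.property')}</configuration>",
    "commented": f"<configuration><!-- {_prop('true')} --></configuration>",
    "conflict": f"<configuration>{_prop('true')}{_prop('false')}</configuration>",
    "misplaced": f"<configuration></configuration>{_prop('true')}",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. /etc/hive/conf/ranger-hive-security.xml on a node
        with open(sys.argv[1], "rb") as fh:
            ok, reason = check_only_ranger_groups(fh.read())
        print("OK  " if ok else "FAIL", reason)
        sys.exit(0 if ok else 1)
    for label, doc in SAMPLES.items():
        ok, reason = check_only_ranger_groups(doc)
        print(f"{label:10} {'OK  ' if ok else 'FAIL'} {reason}")
```

Run without arguments it checks the constructed samples; given a file path it exits non-zero when the property is missing, commented out, conflicting, or outside the `<configuration>` element.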