Privacera and Tableau — EMR Hive

I am using the following setup to test Apache Ranger policies with Tableau for EMR Hive. The goal is to do table, column and row level access control in Tableau.

The following setup is running in my mac. EMR Hive is running and Kerberos is in place.

neeraj_mac:~ neerajsab$ kinit neerajsab@example.com

neerajsab@example.com’s password:

neeraj_mac:~ neerajsab$ klist

Credentials cache: API:56B9D7E0–6DC7–46D4–91E1–710039407C26

Principal: neerajsab@example.com

Issued Expires Principal

Feb 6 15:12:56 2020 Feb 7 01:12:56 2020 krbtgt/example.com@example.com

neeraj_mac:~ neerajsab$

The prinicipal/user neerajsab is part of KDC and I have Kerberos ticket based on realm example.com

The private IP is listed in my /etc/hosts in mac pointing to public IP of EMR master node and also, KDC master.

Image for post
Connection details
Image for post
Image for post
Image for post
neerajsab user does not have access to see database and table
Image for post
added a new policy in ranger
Image for post
ns_customer database and access on all the tables
Image for post
neerajsab can access the database and table
Image for post
Audit
Image for post
All rows
Image for post
Row level filter
Image for post
Only rows from ‘cam%’ shows up as row level filter kicked in

Reach out to me on twitter @123nsab in case any questions.

Director of Sales Engineering @Privacera

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store