You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/hdinsight/spark/ranger-policies-for-spark.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,7 +32,7 @@ In this article, you learn how to:
32
32
33
33
## Create domain users
34
34
35
-
For information on how to create **sparkuser** domain users, see [Create an HDInsight cluster with ESP](../domain-joined/apache-domain-joined-configure-using-azure-adds.md#create-an-hdinsight-cluster-with-esp). In a production scenario, domain users come from your Microsoft Entra tenant.
35
+
For information on how to create `sparkuser` domain users, see [Create an HDInsight cluster with ESP](../domain-joined/apache-domain-joined-configure-using-azure-adds.md#create-an-hdinsight-cluster-with-esp). In a production scenario, domain users come from your Microsoft Entra tenant.
36
36
37
37
## Create a Ranger policy
38
38
@@ -61,7 +61,7 @@ In this section, you create two Ranger policies:
61
61
| database | default |
62
62
| table | hivesampletable |
63
63
| column | * |
64
-
| Select User | sparkuser |
64
+
| Select User |`sparkuser`|
65
65
| Permissions | select |
66
66
67
67
:::image type="content" source="./media/ranger-policies-for-spark/sample-policy-details.png" alt-text="Screenshot that shows sample details for an access policy." lightbox="./media/ranger-policies-for-spark/sample-policy-details.png":::
@@ -101,7 +101,7 @@ The following example shows how to create a policy to mask a column:
101
101
|Hive Database|default|
102
102
|Hive Table| hivesampletable|
103
103
|Hive Column|devicemake|
104
-
|Select User|sparkuser|
104
+
|Select User|`sparkuser`|
105
105
|Access Types|select|
106
106
|Select Masking Option|Hash|
107
107
@@ -145,7 +145,7 @@ Consider these points:
145
145
In such cases, we recommend that you either:
146
146
147
147
- Use the Hive catalog for both Hive and Spark.
148
-
- Maintain different database, table, and column names for both Hive and Spark catalogs so that the policies are not applied to databases across catalogs.
148
+
- Maintain different database, table, and column names for both Hive and Spark catalogs so that the policies aren't applied to databases across catalogs.
149
149
150
150
- If you use the Hive catalog for both Hive and Spark, consider the following example.
151
151
@@ -194,7 +194,7 @@ Let's say that you have the policies defined in the Ranger repo already under th
194
194
195
195
1. For **oldclustername_hive** service, add **rangersparklookup** user in the **policy.download.auth.users** and **tag.download.auth.users** list and click save.
196
196
197
-
:::image type="content" source="./media/ranger-policies-for-spark/add-new-user-rangerlookup.png" alt-text="Screenshot that shows edit option for ranger service." lightbox="./media/ranger-policies-for-spark/add-new-user-rangerlookup.png":::
197
+
:::image type="content" source="./media/ranger-policies-for-spark/add-new-user-rangerlookup.png" alt-text="Screenshot that shows how to add user in Ranger service." lightbox="./media/ranger-policies-for-spark/add-new-user-rangerlookup.png":::
198
198
199
199
The policies are applied on databases in the Spark catalog. If you want to access the databases in the Hive catalog:
200
200
@@ -206,4 +206,4 @@ The policies are applied on databases in the Spark catalog. If you want to acces
206
206
## Known issues
207
207
208
208
- Apache Ranger integration with Spark SQL doesn't work if the Ranger admin is down.
209
-
- In Ranger audit logs, when you hover over the **Resource** column, it doesn't show the entire query that you ran.
209
+
- In Ranger audit logs, when you hover over the **Resource** column, it can't show the entire query that you ran.
0 commit comments