Impersonation in Apache Hive™ Metastore
Impersonation allows an Apache Hive™ Metastore cluster to work with cloud resources on behalf of a service account.
By default, an Apache Hive™ Metastore cluster has no permissions to access user resources. To grant access to such resources, create a service account with the required roles and attach it to the Apache Hive™ Metastore cluster when creating the cluster. After that, Apache Hive™ Metastore will access user resources by authorizing on behalf of the service account.
The roles required for the service account depend on which service you are going to use Apache Hive™ Metastore with. For example, you need the logging.writer role to configure cluster log export to Yandex Cloud Logging, and the monitoring.editor role to use Yandex Monitoring dashboards.
When creating a service account for Apache Hive™ Metastore, we recommend using the managed-metastore.integrationProvider role as it already includes the logging.writer and monitoring.editor roles. For more information about this role, see this reference.
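The following added example (not part of the original documentation) audits an exported list of access bindings against the roles named above, reporting roles the cluster's service account lacks and roles it holds without need. The binding field names, the service account IDs, and the storage.editor binding are constructed assumptions for illustration.

```python
import json

# Roles each integration needs, as stated on the page.
REQUIRED = {
    "cloud_logging": {"logging.writer"},
    "monitoring": {"monitoring.editor"},
}
# Role inclusion stated on the page; other inclusions are not modelled here.
INCLUDES = {
    "managed-metastore.integrationProvider": {"logging.writer", "monitoring.editor"},
}

# Constructed sample; field names (role_id, subject.id, subject.type) are assumed.
SAMPLE_BINDINGS = json.loads("""[
  {"role_id": "logging.writer", "subject": {"id": "sa-narrow-example", "type": "serviceAccount"}},
  {"role_id": "storage.editor", "subject": {"id": "sa-narrow-example", "type": "serviceAccount"}},
  {"role_id": "managed-metastore.integrationProvider",
   "subject": {"id": "sa-provider-example", "type": "serviceAccount"}},
  {"role_id": "monitoring.editor", "subject": {"id": "user-example", "type": "userAccount"}}
]""")


def audit(bindings, sa_id, integrations):
    """Return roles the service account lacks or holds without need."""
    unknown = set(integrations) - set(REQUIRED)
    if unknown:
        raise ValueError(f"unknown integrations: {sorted(unknown)}")
    # Only bindings whose subject is this service account count.
    direct = {
        b["role_id"] for b in bindings
        if b["subject"]["type"] == "serviceAccount" and b["subject"]["id"] == sa_id
    }
    effective = set(direct)
    for role in direct:
        effective |= INCLUDES.get(role, set())
    needed = set().union(*(REQUIRED[i] for i in integrations))
    # Surplus: a bound role that is not needed and supplies no needed role.
    surplus = {r for r in direct
               if r not in needed and not INCLUDES.get(r, set()) & needed}
    return {"missing": sorted(needed - effective), "surplus": sorted(surplus)}


if __name__ == "__main__":
    for sa in ("sa-narrow-example", "sa-provider-example"):
        print(sa, audit(SAMPLE_BINDINGS, sa, ["cloud_logging", "monitoring"]))
```

A non-empty "surplus" list marks roles to review before attaching the account to a cluster, since the cluster acts with every role the account holds.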