Varun Rao explains role-based access control using Apache Ranger on Amazon ElasticMapReduce:
Using the HUE SQL Editor, execute the following query.
These queries use external tables, and Hive leverages EMRFS to access the data stored in S3. Because HiveServer2 (where Hue is submitting these queries) is checking with Ranger to grant or deny before accessing any data in S3, you can create fine-grained SQL-based permissions for users even though there is a single EC2 role specified for the cluster (which is used by all requests the cluster makes to S3). For more information, see Additional Features of Hive on Amazon EMR.
If your job includes securing a Hadoop cluster, this is a nice read, even if you don’t use EMR.