https://community.cloudera.com/t5/Support-Questions/Ranger-policy-for-group-not-working-Checked-all-previous-but/m-p/185508#M147615 <P>Hi,</P><P>Verified various links but could not come up with solution.</P><P>Ranger policy is not applied to a user when policy has user group name but is successful when applied to user directly.</P><P>Here is the information:</P><P>a) HDP - 2.6.5; Ranger - 0.7.0; CentOS 6.5; Windows 2012 R2 is used as AD ( has full admin privileges on AD )</P><P>b) Settings:</P><P>Incremental Sync - Enabled</P><P>Username Attribute - sAMAccountName; User Object Class: user; User Search Filter: cn=*; user search scop: sub; User Group Name Attribute - memberOf,ismemberof; Group User Map Sync - False or disabled.</P><P>Enable Group Sync - Enabled; Group Member Attribute - member; Group Name Attribute - sAMAccountName; Group Object Class - group;Group Search Filter - CN=*; Enable Group Search First - False or disabled.</P><P>c) On OS side:</P><P>hdfs groups &lt;username&gt; gives the group name of the user and the same user name ( with exact case ) is present in Ranger Groups </P><P>Still the user is not able to access hive databases in spite of policy allowing members of group to which the user belongs to.</P><P>Can someone please help me on this.</P><P> <A rel="user" href="https://community.cloudera.com/users/537/spolavarapu.html" nodeid="537">@spolavarapu</A> <A rel="user" href="https://community.cloudera.com/users/11048/falbani.html" nodeid="11048">@Felix Albani</A> or anyone can help me on this.</P> Fri, 07 Sep 2018 07:04:29 GMT sriramhadoop27 2018-09-07T07:04:29Z