https://community.cloudera.com/t5/Support-Questions/Ranger-policies-on-HDFS-READ-WRITE-EXECUTE/m-p/214462#M176374 <P>Hi,</P><P>With a regular filesystem, if I create a directory '/data/dir1/dir2/', a user without the 'execute' permission on '/data/dir1' is denied access to '/data/dir1/dir2/' even if he's granted access to '/data/dir1/dir2/' itself, i.e. he has not the right to traverse the tree. </P><P>But not with Ranger. If my filesystem permissions are set to '000' for all the directories and I have a policy granting access to '/data/dir1/dir2/' to my user, this user should not be able to see '/data/dir1/dir2/' since he has no access to '/data/dir1/'. But he can!</P><P>1. Is this the expected behavior?</P><P>2. If so, what is the meaning of the 'execute' permission in Ranger?</P><P>3. How to get my expected behavior?</P><P>Thanks!</P><P><STRONG>EDITED</STRONG></P><P>All the directories have their permissions set to '000' in my filesystem, so without Ranger, no user has access to any of them. Then I create a policy in Ranger for '/dir1/dir2/' with 'rwx' permissions for user A. User A has now access to this directory, contrary to what I was expecting. Because since there is no policy with the 'execute' permission for '/dir1/', I was expecting that user A couldn't access '/dir1/dir2' (because on a regular filesystem, one need to traverse all the hierarchy of directories and so to have the 'execute' permission on all the parents).</P> Mon, 09 Apr 2018 16:59:14 GMT c_inconnu1 2018-04-09T16:59:14Z