question Re: Hadoop backup with distcp: org.apache.hadoop.security.AccessControlException: Permission denied: user=XXXX, access=EXECUTE in Support Questions

question Re: Hadoop backup with distcp: org.apache.hadoop.security.AccessControlException: Permission denied: user=XXXX, access=EXECUTE in Support Questions https://community.cloudera.com/t5/Support-Questions/Hadoop-backup-with-distcp-org-apache-hadoop-security/m-p/304086#M221878 <a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/79706">@pazufst</a>                                                                 How Ranger policies work for HDFSApache Ranger offers a federated authorization model for HDFS. Ranger plugin for HDFS checks for Ranger policies and if a policy exists, access is granted to user. If a policy doesn’t exist in Ranger, then Ranger would default to the native permissions model in HDFS (POSIX or HDFS ACL). This federated model is applicable for HDFS and Yarn service in Ranger.For other services such as Hive or HBase, Ranger operates as the sole authorizer which means only Ranger policies are in effect.The option for the fallback model is configured using a property in Ambari → Ranger → HDFS config → Advanced ranger-hdfs-security <LI-CODE lang="markup">xasecure.add-hadoop-authorization=true</LI-CODE> The federated authorization model enables to safely implement Ranger in an existing cluster without affecting jobs that rely on POSIX permissions to enable this option as the default model for all deployments. org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): Permission denied: user=XXXXX, access=READ,<LI-CODE lang="markup">inode="/user/.snapshot/user_201806150000":w93651:hdfs:drwx------</LI-CODE>Is self-explanatory does the user w93651 exist on both clusters with valid Kerberos tickets if the cluster is kerberized? Ensure the CROSS-REALM is configured and working. Is your ranger managing the 2 clusters? HTH Thu, 08 Oct 2020 17:52:36 GMT Shelton 2020-10-08T17:52:36Z