https://community.cloudera.com/t5/Archives-of-Support-Questions/ranger-doesn-t-show-resource-based-policies/m-p/220329#M84364 <P>Hello,</P><P>today ranger suddenly doesn't show any resource based policies under "User", but under "Admin" everything work fine.</P><P>i sought in log file any errors and found next line<STRONG>:<BR /></STRONG></P><PRE>2018-10-16 11:42:35,234 [http-bio-6080-exec-36] WARN apache.ranger.security.web.filter.RangerKrbFilter (RangerKrbFilter.java:439) - AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature </PRE><P>in catalina.out more in detail:</P><PRE>org.apache.hadoop.security.authentication.client.AuthenticationException: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature ││ at org.apache.ranger.security.web.filter.RangerKrbFilter.getToken(RangerKrbFilter.java:391) ││ at org.apache.ranger.security.web.filter.RangerKrbFilter.doFilter(RangerKrbFilter.java:435) ││ at org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter.doFilter(RangerKRBAuthenticationFilter.java:285) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter.doFilter(RangerSSOAuthenticationFilter.java:227) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) ││ at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) ││ at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) ││ at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) ││ at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) ││ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) ││ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) ││ at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) ││ at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110) ││ at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506) ││ at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) ││ at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) ││ at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962) ││ at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) ││ at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445) ││ at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115) ││ at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) ││ at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318) ││ at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ││ at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ││ at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ││ at java.lang.Thread.run(Thread.java:748) ││Caused by: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature ││ at org.apache.hadoop.security.authentication.util.Signer.checkSignatures(Signer.java:114) ││ at org.apache.hadoop.security.authentication.util.Signer.verifyAndExtract(Signer.java:75) ││ at org.apache.ranger.security.web.filter.RangerKrbFilter.getToken(RangerKrbFilter.java:389) </PRE><P>What's wrong? please help me...</P><P>Which is remarkable - resource based policies is show only for hive and doesn't show for hdfs, hbase, nifi, etc.</P><P>Cluster is kerberized, HDP 2.6.4</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="91717-capture.png" style="width: 1807px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/15897i5D57109479E94A4C/image-size/medium?v=v2&amp;px=400" role="button" title="91717-capture.png" alt="91717-capture.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="91718-capture1.png" style="width: 1813px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/15898i638D60026E8B3B1B/image-size/medium?v=v2&amp;px=400" role="button" title="91718-capture1.png" alt="91718-capture1.png" /></span></P> Sun, 18 Aug 2019 02:29:55 GMT ururu 2019-08-18T02:29:55Z https://community.cloudera.com/t5/Archives-of-Support-Questions/ranger-doesn-t-show-resource-based-policies/m-p/220329#M84364 <P>Hello,</P><P>today ranger suddenly doesn't show any resource based policies under "User", but under "Admin" everything work fine.</P><P>i sought in log file any errors and found next line<STRONG>:<BR /></STRONG></P><PRE>2018-10-16 11:42:35,234 [http-bio-6080-exec-36] WARN apache.ranger.security.web.filter.RangerKrbFilter (RangerKrbFilter.java:439) - AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature </PRE><P>in catalina.out more in detail:</P><PRE>org.apache.hadoop.security.authentication.client.AuthenticationException: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature ││ at org.apache.ranger.security.web.filter.RangerKrbFilter.getToken(RangerKrbFilter.java:391) ││ at org.apache.ranger.security.web.filter.RangerKrbFilter.doFilter(RangerKrbFilter.java:435) ││ at org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter.doFilter(RangerKRBAuthenticationFilter.java:285) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter.doFilter(RangerSSOAuthenticationFilter.java:227) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) ││ at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) ││ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ││ at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) ││ at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) ││ at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) ││ at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) ││ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) ││ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) ││ at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) ││ at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110) ││ at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506) ││ at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) ││ at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) ││ at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962) ││ at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) ││ at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445) ││ at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115) ││ at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) ││ at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318) ││ at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ││ at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ││ at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ││ at java.lang.Thread.run(Thread.java:748) ││Caused by: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature ││ at org.apache.hadoop.security.authentication.util.Signer.checkSignatures(Signer.java:114) ││ at org.apache.hadoop.security.authentication.util.Signer.verifyAndExtract(Signer.java:75) ││ at org.apache.ranger.security.web.filter.RangerKrbFilter.getToken(RangerKrbFilter.java:389) </PRE><P>What's wrong? please help me...</P><P>Which is remarkable - resource based policies is show only for hive and doesn't show for hdfs, hbase, nifi, etc.</P><P>Cluster is kerberized, HDP 2.6.4</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="91717-capture.png" style="width: 1807px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/15897i5D57109479E94A4C/image-size/medium?v=v2&amp;px=400" role="button" title="91717-capture.png" alt="91717-capture.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="91718-capture1.png" style="width: 1813px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/15898i638D60026E8B3B1B/image-size/medium?v=v2&amp;px=400" role="button" title="91718-capture1.png" alt="91718-capture1.png" /></span></P> Sun, 18 Aug 2019 02:29:55 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/ranger-doesn-t-show-resource-based-policies/m-p/220329#M84364 ururu 2019-08-18T02:29:55Z https://community.cloudera.com/t5/Archives-of-Support-Questions/ranger-doesn-t-show-resource-based-policies/m-p/220330#M84365 <P>Looks like user does not have the right access in ranger. </P> Fri, 16 Nov 2018 06:21:26 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/ranger-doesn-t-show-resource-based-policies/m-p/220330#M84365 vperiasamy 2018-11-16T06:21:26Z https://community.cloudera.com/t5/Archives-of-Support-Questions/ranger-doesn-t-show-resource-based-policies/m-p/220331#M84366 <P>You are right. I just not carefully was reading documentation, not admin user can't view policy.</P> Tue, 15 Jan 2019 21:21:00 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/ranger-doesn-t-show-resource-based-policies/m-p/220331#M84366 ururu 2019-01-15T21:21:00Z