Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Ranger Admin stops applying policy updates.

Labels:
avatar
author-rank hyadav
Rising Star

Created ‎05-23-2016 11:29 AM

1) Using HDFS DFS -ls command I see /apps/hive with permissions 777

2) Modifying permissions on /apps/hive to 700 by using HDFS DFS -chmod command 3) Now going back to Ranger and modifying permissions to HDFS policy to add users to have access to path /apps/hive/warehouse. Ranger will no longer sync with HDFS

1,524 Views
1 ACCEPTED SOLUTION

avatar
author-rank sshimpi
Super Guru

Created ‎05-23-2016 11:33 AM

@Harini Yadav

Please check this -

Ranger will always takes 1st precedence and then POSX permissions/HDFS acl's.

Also setting "xasecure.add-hadoop-authorization" = false in ranger-hdfs-security.xml in /etc/hadoop/conf will stop the fall back to HDFS ACL.

Please check below url's for more details -

http://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/

https://community.hortonworks.com/questions/22054/should-we-disable-hdfs-default-acl-to-enable-range...

View solution in original post

1,315 Views
0 Kudos
1 REPLY 1

avatar
author-rank sshimpi
Super Guru

Created ‎05-23-2016 11:33 AM

@Harini Yadav

Please check this -

Ranger will always takes 1st precedence and then POSX permissions/HDFS acl's.

Also setting "xasecure.add-hadoop-authorization" = false in ranger-hdfs-security.xml in /etc/hadoop/conf will stop the fall back to HDFS ACL.

Please check below url's for more details -

http://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/

https://community.hortonworks.com/questions/22054/should-we-disable-hdfs-default-acl-to-enable-range...

1,316 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements