Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

User can still see / read on paths that it does not own

Labels:
avatar
author-rank menorah84
Expert Contributor

Created ‎11-22-2016 10:27 AM

I have set a Ranger policy enabling a certain newuser to read/write/execute only on his own home directory in HDFS, say /user/<newuser>. While the policy certainly works on his own path, however, I do not want newuser to be able to read directories and files outside its own, which still happens when I do:

hadoop fs -ls /

Or on some other directories. Same thing happens when newuser is logged in in Hue.

How do I do this in Ranger?

1,855 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank agillan author-rank
Guru

Created ‎11-22-2016 10:32 AM

Hi @J. D. Bacolod - please see this article I wrote a while ago which explains how Ranger works: https://community.hortonworks.com/content/kbentry/49177/how-do-ranger-policies-work-in-relation-to-h...

From HDP 2.5, there is also the potential to Deny access explicitly via a Deny policy. See this article on how to enable them: https://community.hortonworks.com/content/kbentry/61208/how-to-enable-deny-conditions-and-excludes-i...

Hope this helps!

View solution in original post

1,797 Views
2 REPLIES 2

avatar
author-rank dsharma author-rank
Guru

Created ‎11-22-2016 10:29 AM

that is because HDFS posix permission is there on base dir , so make that is 000

1,797 Views

avatar
author-rank agillan author-rank
Guru

Created ‎11-22-2016 10:32 AM

Hi @J. D. Bacolod - please see this article I wrote a while ago which explains how Ranger works: https://community.hortonworks.com/content/kbentry/49177/how-do-ranger-policies-work-in-relation-to-h...

From HDP 2.5, there is also the potential to Deny access explicitly via a Deny policy. See this article on how to enable them: https://community.hortonworks.com/content/kbentry/61208/how-to-enable-deny-conditions-and-excludes-i...

Hope this helps!

1,798 Views
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements