Prior Ranger Version 0.6 it was a common scenario that security admins created per users policies, e.g. grant a user access to project databases (hive) or special HDFS directories.
Initially, a policy was created for each user so the admins ended up to manage about thousands of policies. Especially HDFS policies often had the name in the path, e.g. /user/demo/USERNAME/ *.
As Ranger 0.6 introduces the user variable, now the security admin have only to create one policy that looks like this in the path: /user/demo/{USER}/ * and assign the appropriate user permissions for the directory.
The user can immediate access and use the new HDFS directory with enforced user permissions.
dummy_1$ hdfs dfs -copyFromLocal tst.x1 /user/demo/dummy_1 dummy_1$ hdfs dfs -ls /usr/demo/dummy_1 Found 1 items -rw-r--r-- 3 dummy_1 hdfs19001 2018-03-23 15:36 /user/demo/dummy_1/text.txt
With the use screen-shot-2018-03-23-at-165124.pngof user variables now the security administrators can create more dynamic policies that dramatically reduced the amount of policies in the environment.
