Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Create HDFS/Hive User via Ranger

Solved Go to solution
Highlighted

Create HDFS/Hive User via Ranger

Explorer

Hello,

I need to know if there is a way to create a hdfs/hadoop or hive user via Ranger, not via shell. I can provide or deny access to hdfs folders or files, hive tables or columns, but to the users that already exists.

Does anyone knows how I can do it?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Create HDFS/Hive User via Ranger

New Contributor

The users created in the Ranger Admin UI are internal to Ranger. They are to be used for accessing Ranger Admin UI and nothing more.

Users with access to the cluster must be created elsewhere and then sync'd into Ranger to control their authorization.

View solution in original post

9 REPLIES 9
Highlighted

Re: Create HDFS/Hive User via Ranger

Expert Contributor

Ranger does not have any facility to create hadoop users in the nodes. If there are hadoop users which you want to authorize you can use Ranger Usersync to bring those into Ranger or in Ranger Admin UI you can create that user ( Settings-->Users/Groups-->Add new user) like kvarakantham had mentioned in the previous post. This enables you to create policy against those users.

Highlighted

Re: Create HDFS/Hive User via Ranger

Explorer

Hello guys,

First of all thanks for your help.

My Ranger is already configured with Usersync, I can see that users that were created and give them permissions. My biggest question is if the user that i create on Ranger are only internal to Ranger or they can access hdfs, hive, etc...

Highlighted

Re: Create HDFS/Hive User via Ranger

New Contributor

The users created in the Ranger Admin UI are internal to Ranger. They are to be used for accessing Ranger Admin UI and nothing more.

Users with access to the cluster must be created elsewhere and then sync'd into Ranger to control their authorization.

View solution in original post

Highlighted

Re: Create HDFS/Hive User via Ranger

New Contributor

Hi,

How can I give permissions to local(Unix) user to access HDFS/hive when sync with ldap in ranger.

Re: Create HDFS/Hive User via Ranger

Explorer

Hello @Erik Nor,

Thanks, do you know where is the easiest way to create cluster users (rather than via shell), for hive, hdfs etc?

Highlighted

Re: Create HDFS/Hive User via Ranger

New Contributor

There are a variety of ways, mostly dependant upon your environment. If you are using purely local accounts and want a GUI to create the users you can use Hue.

Highlighted

Re: Create HDFS/Hive User via Ranger

New Contributor

Hello @Erik Nor,

we created a new Hue user, but it does not appeared in Ranger. How could we syncronize it?

Highlighted

Re: Create HDFS/Hive User via Ranger

New Contributor

That is correct, I guess I wasn't clear. Adding the user in Hue will take care of generating the user home in HDFS, but you will still need to drop to the shell to create the local user in linux. This will become cumbersome for larger clusters and is only realistic for small test clusters.

Ideally you will want to use ldap to manage your users. Whether that means using an enterprise LDAP/AD or using a tool like freeIPA and its web UI combined with Kerberos. Together these will provide you with very secure authentication while also providing a GUI to create users which can be sync'd to Ranger.

Highlighted

Re: Create HDFS/Hive User via Ranger

Explorer

Simply You can create users in AD and those will sync in Ranger.

Don't have an account?
Coming from Hortonworks? Activate your account here