Support Questions

wnascimento · ‎07-13-2016

Hello,

I need to know if there is a way to create a hdfs/hadoop or hive user via Ranger, not via shell. I can provide or deny access to hdfs folders or files, hive tables or columns, but to the users that already exists.

Does anyone knows how I can do it?

erik_nor · ‎07-14-2016

The users created in the Ranger Admin UI are internal to Ranger. They are to be used for accessing Ranger Admin UI and nothing more.

Users with access to the cluster must be created elsewhere and then sync'd into Ranger to control their authorization.

View solution in original post

rmani · ‎07-13-2016

Ranger does not have any facility to create hadoop users in the nodes. If there are hadoop users which you want to authorize you can use Ranger Usersync to bring those into Ranger or in Ranger Admin UI you can create that user ( Settings-->Users/Groups-->Add new user) like kvarakantham had mentioned in the previous post. This enables you to create policy against those users.

wnascimento · ‎07-14-2016

Hello guys,

First of all thanks for your help.

My Ranger is already configured with Usersync, I can see that users that were created and give them permissions. My biggest question is if the user that i create on Ranger are only internal to Ranger or they can access hdfs, hive, etc...

erik_nor · ‎07-14-2016

The users created in the Ranger Admin UI are internal to Ranger. They are to be used for accessing Ranger Admin UI and nothing more.

Users with access to the cluster must be created elsewhere and then sync'd into Ranger to control their authorization.

faizan_tech21 · ‎01-09-2019

Hi,

How can I give permissions to local(Unix) user to access HDFS/hive when sync with ldap in ranger.

wnascimento · ‎07-14-2016

Hello @Erik Nor,

Thanks, do you know where is the easiest way to create cluster users (rather than via shell), for hive, hdfs etc?

erik_nor · ‎07-14-2016

There are a variety of ways, mostly dependant upon your environment. If you are using purely local accounts and want a GUI to create the users you can use Hue.

mcastro · ‎07-14-2016

Hello @Erik Nor,

we created a new Hue user, but it does not appeared in Ranger. How could we syncronize it?

erik_nor · ‎07-14-2016

That is correct, I guess I wasn't clear. Adding the user in Hue will take care of generating the user home in HDFS, but you will still need to drop to the shell to create the local user in linux. This will become cumbersome for larger clusters and is only realistic for small test clusters.

Ideally you will want to use ldap to manage your users. Whether that means using an enterprise LDAP/AD or using a tool like freeIPA and its web UI combined with Kerberos. Together these will provide you with very secure authentication while also providing a GUI to create users which can be sync'd to Ranger.

Upendra · ‎07-21-2016

Simply You can create users in AD and those will sync in Ranger.

Cloudera Community

Support Questions

Create HDFS/Hive User via Ranger