Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Documentation: Ranger policy json example incorrect HDFS and Hive example

Solved Go to solution
Highlighted

Documentation: Ranger policy json example incorrect HDFS and Hive example

New Contributor

The Create Policy Json request example given for HDFS and Hive seems to be incorrect. This applies to both 2.4 and 2.5 documentation.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.3/bk_Security_Guide/content/ranger_rest_api_c...

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ranger_rest_api_create_p...

1) The HDFS example request json lists "SELECT", "UPDATE" .. as permissions for hdfs resources which is wrong. HDFS resources has only "read","write","execute".. as allowed permissions.

2) The Hive example request json lists "Select", "Update"... as permissions with uppercase starting letter. This is not working. It works only when these are given in all lower case like "select", "update"...

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Documentation: Ranger policy json example incorrect HDFS and Hive example

Naveen Kumar Mahadevuni you first point is valid, example for hdfs and hive seems to be wrong ,thanks for pointing it out, our documentation team will fix it soon.

but I tried the second point you mentioned , passing uppercase starting letter in input json and it worked for me.

{
    "allowExceptions": [],
    "denyExceptions": [],
    "denyPolicyItems": [
        {
            "accesses": [
                {
                    "isAllowed": true,
                    "type": "drop"
                }
            ],
            "conditions": [],
            "delegateAdmin": true,
            "groups": [],
            "users": [
        "user1"
            ]
        }
    ],
    "description": "Policy for Service: cl1_test",
    "isAuditEnabled": true,
    "isEnabled": true,
    "name": "cl1_test-3",
    "policyItems": [
        {
            "accesses": [
                {
                    "isAllowed": true,
                    "type": "Select"
                },
                {
                    "isAllowed": true,
                    "type": "Update"
                },
                {
                    "isAllowed": true,
                    "type": "Create"
                },
                {
                    "isAllowed": true,
                    "type": "Drop"
                }
            ],
            "conditions": [],
            "delegateAdmin": true,
            "groups": ["public"],
            "users": [
            ]
        }
    ],
    "resources": {
        "database": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "abcd"
            ]
        },
        "table": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "*"
            ]
        },
        "column": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "*"
            ]
        }
    },
    "service": "hive_repo",
    "version": 1
}

can you please make sure you are using public v2 apis , and for time being following wiki will help you in ranger rest api calls:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Service+Definition%2C+Service+and+P...

3 REPLIES 3

Re: Documentation: Ranger policy json example incorrect HDFS and Hive example

Naveen Kumar Mahadevuni you first point is valid, example for hdfs and hive seems to be wrong ,thanks for pointing it out, our documentation team will fix it soon.

but I tried the second point you mentioned , passing uppercase starting letter in input json and it worked for me.

{
    "allowExceptions": [],
    "denyExceptions": [],
    "denyPolicyItems": [
        {
            "accesses": [
                {
                    "isAllowed": true,
                    "type": "drop"
                }
            ],
            "conditions": [],
            "delegateAdmin": true,
            "groups": [],
            "users": [
        "user1"
            ]
        }
    ],
    "description": "Policy for Service: cl1_test",
    "isAuditEnabled": true,
    "isEnabled": true,
    "name": "cl1_test-3",
    "policyItems": [
        {
            "accesses": [
                {
                    "isAllowed": true,
                    "type": "Select"
                },
                {
                    "isAllowed": true,
                    "type": "Update"
                },
                {
                    "isAllowed": true,
                    "type": "Create"
                },
                {
                    "isAllowed": true,
                    "type": "Drop"
                }
            ],
            "conditions": [],
            "delegateAdmin": true,
            "groups": ["public"],
            "users": [
            ]
        }
    ],
    "resources": {
        "database": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "abcd"
            ]
        },
        "table": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "*"
            ]
        },
        "column": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "*"
            ]
        }
    },
    "service": "hive_repo",
    "version": 1
}

can you please make sure you are using public v2 apis , and for time being following wiki will help you in ranger rest api calls:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Service+Definition%2C+Service+and+P...

Re: Documentation: Ranger policy json example incorrect HDFS and Hive example

New Contributor

Thanks @Deepak Sharma. We are using HDP 2.4. Documentation has no mention of v2 api.

Re: Documentation: Ranger policy json example incorrect HDFS and Hive example

New Contributor

Thanks @Naveen Kumar Mahadevuni & @Deepak Sharma, we will update the docs ASAP.