Support Questions

nmahadevuni1 · ‎03-06-2017

The Create Policy Json request example given for HDFS and Hive seems to be incorrect. This applies to both 2.4 and 2.5 documentation.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.3/bk_Security_Guide/content/ranger_rest_api_c...

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ranger_rest_api_create_p...

1) The HDFS example request json lists "SELECT", "UPDATE" .. as permissions for hdfs resources which is wrong. HDFS resources has only "read","write","execute".. as allowed permissions.

2) The Hive example request json lists "Select", "Update"... as permissions with uppercase starting letter. This is not working. It works only when these are given in all lower case like "select", "update"...

dsharma · ‎03-06-2017

Naveen Kumar Mahadevuni you first point is valid, example for hdfs and hive seems to be wrong ,thanks for pointing it out, our documentation team will fix it soon.

but I tried the second point you mentioned , passing uppercase starting letter in input json and it worked for me.

{
    "allowExceptions": [],
    "denyExceptions": [],
    "denyPolicyItems": [
        {
            "accesses": [
                {
                    "isAllowed": true,
                    "type": "drop"
                }
            ],
            "conditions": [],
            "delegateAdmin": true,
            "groups": [],
            "users": [
        "user1"
            ]
        }
    ],
    "description": "Policy for Service: cl1_test",
    "isAuditEnabled": true,
    "isEnabled": true,
    "name": "cl1_test-3",
    "policyItems": [
        {
            "accesses": [
                {
                    "isAllowed": true,
                    "type": "Select"
                },
                {
                    "isAllowed": true,
                    "type": "Update"
                },
                {
                    "isAllowed": true,
                    "type": "Create"
                },
                {
                    "isAllowed": true,
                    "type": "Drop"
                }
            ],
            "conditions": [],
            "delegateAdmin": true,
            "groups": ["public"],
            "users": [
            ]
        }
    ],
    "resources": {
        "database": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "abcd"
            ]
        },
        "table": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "*"
            ]
        },
        "column": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "*"
            ]
        }
    },
    "service": "hive_repo",
    "version": 1
}

can you please make sure you are using public v2 apis , and for time being following wiki will help you in ranger rest api calls:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Service+Definition%2C+Service+and+P...

View solution in original post

dsharma · ‎03-06-2017

Naveen Kumar Mahadevuni you first point is valid, example for hdfs and hive seems to be wrong ,thanks for pointing it out, our documentation team will fix it soon.

but I tried the second point you mentioned , passing uppercase starting letter in input json and it worked for me.

{
    "allowExceptions": [],
    "denyExceptions": [],
    "denyPolicyItems": [
        {
            "accesses": [
                {
                    "isAllowed": true,
                    "type": "drop"
                }
            ],
            "conditions": [],
            "delegateAdmin": true,
            "groups": [],
            "users": [
        "user1"
            ]
        }
    ],
    "description": "Policy for Service: cl1_test",
    "isAuditEnabled": true,
    "isEnabled": true,
    "name": "cl1_test-3",
    "policyItems": [
        {
            "accesses": [
                {
                    "isAllowed": true,
                    "type": "Select"
                },
                {
                    "isAllowed": true,
                    "type": "Update"
                },
                {
                    "isAllowed": true,
                    "type": "Create"
                },
                {
                    "isAllowed": true,
                    "type": "Drop"
                }
            ],
            "conditions": [],
            "delegateAdmin": true,
            "groups": ["public"],
            "users": [
            ]
        }
    ],
    "resources": {
        "database": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "abcd"
            ]
        },
        "table": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "*"
            ]
        },
        "column": {
            "isExcludes": false,
            "isRecursive": false,
            "values": [
                "*"
            ]
        }
    },
    "service": "hive_repo",
    "version": 1
}

can you please make sure you are using public v2 apis , and for time being following wiki will help you in ranger rest api calls:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Service+Definition%2C+Service+and+P...

nmahadevuni1 · ‎03-06-2017

Thanks @Deepak Sharma. We are using HDP 2.4. Documentation has no mention of v2 api.

dhoyle · ‎03-06-2017

Thanks @Naveen Kumar Mahadevuni & @Deepak Sharma, we will update the docs ASAP.

Cloudera Community

Support Questions

Documentation: Ranger policy json example incorrect HDFS and Hive example