Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Groups are not working with the HDFS Ranger plugin

Groups are not working with the HDFS Ranger plugin

New Contributor

Hello,

I'm trying to use the Ranger HDFS plugin with internal users and internal groups. I created a policy on `/tmp` which is owned by `hdfs:hdfs` with permissions of `000`. I created a user `myuser`, a group `mygroup` and a policy `mypolicy`. The user `myuser` is part of `mygroup`. The policy `mypolicy` is read/write/execute on `/tmp`. `myuser` cannot access `/tmp` when only `mygroup` is assigned to `mypolicy`, but can when `myuser` is directly assigned to `mypolicy`. I am surely missing something here...

David

2 REPLIES 2

Re: Groups are not working with the HDFS Ranger plugin

Are all the nodes sharing the same user/group mapping?

The NN is responsible for doing the group lookup for the user. So if the user/group mapping isn't present there, your results will not match.

Re: Groups are not working with the HDFS Ranger plugin

New Contributor

Thanks, are you saying that the user/group mapping must also be done at the OS level on the NameNode?