I'm trying to use the Ranger HDFS plugin with internal users and internal groups. I created a policy on `/tmp` which is owned by `hdfs:hdfs` with permissions of `000`. I created a user `myuser`, a group `mygroup` and a policy `mypolicy`. The user `myuser` is part of `mygroup`. The policy `mypolicy` is read/write/execute on `/tmp`. `myuser` cannot access `/tmp` when only `mygroup` is assigned to `mypolicy`, but can when `myuser` is directly assigned to `mypolicy`. I am surely missing something here...
Are all the nodes sharing the same user/group mapping?
The NN is responsible for doing the group lookup for the user. So if the user/group mapping isn't present there, your results will not match.