Support Questions

Find answers, ask questions, and share your expertise

HDFS Ranger Plugin is not effective?


After Enable HDFS Ranger Plugin, I create policy in default service. But there is error when I execute command to read a directory. Here is the example:




can you please add execute permission along with read and retry


Yes, I add before. But it can not affect. And I see xa_portal.log not change.

can you please attach same set screenshot after you gave execute permission too, and please attache screenshot of plugin audit in ranger also ,


can you please check if policy refresh is happening , check plugin audit , on ranger ui audit tab , and see the entry for hdfs plugin audit or you can check access log in ranger admin logs.


yes, I can see in '/etc/ranger/mytest_hadoop/policycache' path there is a file named 'hdfs_mytest_hadoop.json'. the file contains policies under service 'mytest_hadoop'.

check the last time when was policy refreshed , is it before the policy edit time? then there is some issue with policy refresh that you can debug in ranger access logs and namenode logs too.

@Zhao Chaofeng

What error you see after adding execute permission?


Hi, I can use my allow user to cat the assigned directory. Such as I want to use user 'hive' to cat '/user/accumulo' after I set allowing permission in ranger policy, but when I execute the command, hdfs permission policy prevent it.