Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

HDFS Ranger Plugin is not effective?

Labels:
amazon20062007
Contributor

Created on ‎03-23-2017 08:26 AM - edited ‎08-18-2019 03:38 AM

After Enable HDFS Ranger Plugin, I create policy in default service. But there is error when I execute command to read a directory. Here is the example:

13960-selection-027.png

13991-selection-028.png

1,953 Views
0 Kudos
9 REPLIES 9

dsharma
Guru

Created ‎03-23-2017 08:36 AM

can you please add execute permission along with read and retry

1,821 Views

amazon20062007
Contributor

Created ‎03-23-2017 08:47 AM

Yes, I add before. But it can not affect. And I see xa_portal.log not change.

1,821 Views
0 Kudos

dsharma
Guru

Created ‎03-23-2017 09:30 AM

can you please attach same set screenshot after you gave execute permission too, and please attache screenshot of plugin audit in ranger also ,

1,821 Views

amazon20062007
Contributor

Created on ‎03-23-2017 09:59 AM - edited ‎08-18-2019 03:38 AM

OK.

13998-selection-033.png

hdfs-ranger-audit-bigdata001istuarycom.txt

Preview file
495 KB
1,821 Views
0 Kudos

dsharma
Guru

Created ‎03-23-2017 10:20 AM

can you please check if policy refresh is happening , check plugin audit , on ranger ui audit tab , and see the entry for hdfs plugin audit or you can check access log in ranger admin logs.

1,821 Views

amazon20062007
Contributor

Created ‎03-23-2017 11:05 AM

yes, I can see in '/etc/ranger/mytest_hadoop/policycache' path there is a file named 'hdfs_mytest_hadoop.json'. the file contains policies under service 'mytest_hadoop'.

1,821 Views
0 Kudos

dsharma
Guru

Created ‎03-23-2017 01:19 PM

check the last time when was policy refreshed , is it before the policy edit time? then there is some issue with policy refresh that you can debug in ranger access logs and namenode logs too.

1,821 Views

rpathak
Guru

Created ‎03-23-2017 10:23 AM

@Zhao Chaofeng

What error you see after adding execute permission?

1,821 Views
0 Kudos

amazon20062007
Contributor

Created ‎03-23-2017 10:28 AM

Hi, I can use my allow user to cat the assigned directory. Such as I want to use user 'hive' to cat '/user/accumulo' after I set allowing permission in ranger policy, but when I execute the command, hdfs permission policy prevent it.

1,821 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
March 2023 Community Highlights
What's New @ Cloudera
Cloudera DataFlow Designer for self-service data flow development is now generally available to all CDP Public Cloud customers
What's New @ Cloudera
Cloudera Operational Database (COD) UI provides the JWT configuration details to connect to your HBase client
What's New @ Cloudera
Cloudera Operational Database (COD) UI allows storage type selection when creating an operational database
What's New @ Cloudera
Release of Cloudera Streaming Analytics (CSA) 1.9.0 for CDP 7.1.7 SP2 & CDP 7.1.8
View More Announcements