Created on 03-23-2017 08:26 AM - edited 08-18-2019 03:38 AM
After Enable HDFS Ranger Plugin, I create policy in default service. But there is error when I execute command to read a directory. Here is the example:
Created 03-23-2017 08:36 AM
can you please add execute permission along with read and retry
Created 03-23-2017 08:47 AM
Yes, I add before. But it can not affect. And I see xa_portal.log not change.
Created 03-23-2017 09:30 AM
can you please attach same set screenshot after you gave execute permission too, and please attache screenshot of plugin audit in ranger also ,
Created on 03-23-2017 09:59 AM - edited 08-18-2019 03:38 AM
Created 03-23-2017 10:20 AM
can you please check if policy refresh is happening , check plugin audit , on ranger ui audit tab , and see the entry for hdfs plugin audit or you can check access log in ranger admin logs.
Created 03-23-2017 11:05 AM
yes, I can see in '/etc/ranger/mytest_hadoop/policycache' path there is a file named 'hdfs_mytest_hadoop.json'. the file contains policies under service 'mytest_hadoop'.
Created 03-23-2017 01:19 PM
check the last time when was policy refreshed , is it before the policy edit time? then there is some issue with policy refresh that you can debug in ranger access logs and namenode logs too.
Created 03-23-2017 10:23 AM
Created 03-23-2017 10:28 AM
Hi, I can use my allow user to cat the assigned directory. Such as I want to use user 'hive' to cat '/user/accumulo' after I set allowing permission in ranger policy, but when I execute the command, hdfs permission policy prevent it.