Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

HDP 2.5 Ranger dont have "Deny" or "Policy Condition"

avatar
author-rank alarsen
Contributor

Created on ‎10-24-2016 08:39 AM - edited ‎08-18-2019 06:25 AM

Hi,

When I login in the Sandbox 2.5 (VMWare).

Ranger don't contain any option for "Deny" or "Policy Condition" only through "Tag based..".

In the documentation a screendump and description is showed with Hive and "Deny" condition.

Link: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/about_ranger_policies.h...

Questions

1) Is there anything that which need to be enable to get this to work?

2) Is "Policy Condition" possible in Resource-Based Policy or only in "Tag based.."

/ Anders

8836-untitled.png

2,539 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank tstebbens
Expert Contributor

Created ‎10-24-2016 11:19 AM

There are two types of policies in Ranger - resource based policies and tag based policies. The Policy Conditions only apply to tag based policies. If you go to the Ranger Admin UI and click on Access Manager > Tag Based Policies then click on your tag service you'll be able to add a tag based policy with the Policy Conditions you require. There's more information here: Tag Based Policies

View solution in original post

1,759 Views
0 Kudos
4 REPLIES 4

avatar
author-rank tstebbens
Expert Contributor

Created ‎10-24-2016 08:45 AM

@Anders Boje Larsen Deny policies are only enabled for service definitions that have property enableDenyAndExceptionsInPolicies = true and are off by default for all services. You'll need to update the service definitions for the services you want deny policies for. This page has the required information: Deny-conditions and excludes in Ranger policies

1,759 Views
0 Kudos

avatar
author-rank alarsen
Contributor

Created on ‎10-24-2016 09:49 AM - edited ‎08-18-2019 06:25 AM

Thx @Terry Stebbens, would this also enable "Policy conditions" option?

8806-capture.png

1,759 Views
0 Kudos

avatar
author-rank tstebbens
Expert Contributor

Created ‎10-24-2016 11:19 AM

There are two types of policies in Ranger - resource based policies and tag based policies. The Policy Conditions only apply to tag based policies. If you go to the Ranger Admin UI and click on Access Manager > Tag Based Policies then click on your tag service you'll be able to add a tag based policy with the Policy Conditions you require. There's more information here: Tag Based Policies

1,760 Views
0 Kudos

avatar
author-rank alarsen
Contributor

Created ‎10-24-2016 01:13 PM

Okay.. Was hoping this feature could be or will be avalible in Resource Based. One case could be data in HDFS which only should be allowed to acces data based on location or a time perioed.

1,759 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements