Created 05-03-2017 03:46 AM
Hello,
When I run Hive commands, Ranger audit is picking up my user name with capitals, e.g. "John.Doe".
When I do HDFS commands, it's lower case: "john.doe".
My principal is John.Doe@CORP.AD, and we have auth-to-local rules to convert this to all lower case (john.doe). In Ranger we are also doing ranger.user.sync case conversion to lower, so if we use user policies, only HDFS will work (e.g. I appear as john.doe in users, and since Hive comes in as "John.Doe", user policies don't get applied).
Example: CREATE TABLE test.permtest (field1 int); - the location of this folder is /data/2017
[john.doe@edge1 ~]$ hdfs dfs -ls /data/2017/
drwxr-xr-x - John.Doe hdfs 0 2017-05-02 20:43 /data/2017/permtest
As you can see from the above, the table gets created with the ACL permissions as John.Doe.
-------
Now when I do HDFS commands, e.g. it comes up as expected (john.doe - lower case)
[john.doe@edge1 ~]$ hdfs dfs -mkdir /data/2017/permtest1
drwxr-xr-x - John.Doe hdfs 0 2017-05-02 20:43 /data/2017/permtest
drwxr-xr-x - john.doe hdfs 0 2017-05-02 20:44 /data/2017/permtest1
The John.Doe and john.doe is what gets passed to Ranger for authorization, and this is a problem since user ranger sync brings over "john.doe" and so any Hive policies won't work.
Any ideas?
Created 05-03-2017 02:25 PM
Looks like it was just that Hive needed to be restarted (no restart prompt was there)... none of the above made any difference.
This is only used for usersync - how Ranger imports your users and groups. It doesn't affect how your username or group will appear in audit.
Please verify the auth_to_local rules in the host where hive is running, usually in /usr/hdp/<Version>/hadoop/conf
You can also try copy/link core-site.xml to /etc/hive/conf/conf.server and /etc/hive/conf
This didn't make any difference either; I believe it's because Hive uses:
usr/hdp/current/hadoop-client/conf/:
Created 05-03-2017 04:06 AM
Can you try adding the property hadoop.security.auth_to_local to hive-site.xml as well, bounce the hive services and then try?
Created 05-03-2017 04:30 AM
Have you tried this?
ranger.usersync.ldap.username.caseconversion=lower
ranger.usersync.ldap.groupname.caseconversion=lower
then restart ranger.
Created 05-03-2017 04:41 AM
Please verify the auth_to_local rules in the host where hive is running, usually in /usr/hdp/<Version>/hadoop/conf
You can also try copy/link core-site.xml to /etc/hive/conf/conf.server and /etc/hive/conf
Created 05-04-2017 07:28 PM
Glad you were able to figure it out @mliem
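An added example, not part of the thread: a Python check that compares `hadoop.security.auth_to_local` across the configuration directories mentioned above and flags a copy that is missing, differs, or has no rule ending in Hadoop's `/L` lowercase flag. The XML contents and the rule strings are constructed samples; in practice you would read the real `core-site.xml` / `hive-site.xml` files, and a running service still only picks up changed rules after a restart.

```python
import xml.etree.ElementTree as ET

PROP = "hadoop.security.auth_to_local"

def auth_to_local_rules(site_xml):
    """Return the rule lines from a Hadoop *-site.xml string, or None if unset."""
    root = ET.fromstring(site_xml)
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == PROP:
            value = prop.findtext("value") or ""
            return [ln.strip() for ln in value.splitlines() if ln.strip()]
    return None

def check(configs):
    """configs: {label: xml_text}; the first entry is the baseline.
    Returns {label: [issues]}; an empty list means consistent."""
    parsed = {label: auth_to_local_rules(x) for label, x in configs.items()}
    baseline_label, baseline = next(iter(parsed.items()))
    report = {}
    for label, rules in parsed.items():
        issues = []
        if rules is None:
            issues.append("property not set")
        else:
            if rules != baseline:
                issues.append(f"differs from {baseline_label}")
            # A rule ending in /L lower-cases the resulting short name.
            if not any(r.startswith("RULE:") and r.endswith("/L") for r in rules):
                issues.append("no rule with /L lowercase flag")
        report[label] = issues
    return report

def site(value=None):
    """Build a minimal constructed *-site.xml document for the demo."""
    prop = (f"<property><name>{PROP}</name><value>{value}</value></property>"
            if value else "")
    return f"<configuration>{prop}</configuration>"

# Constructed sample data: labels are the paths named in the thread,
# contents are invented for illustration.
SAMPLE = {
    "/usr/hdp/<Version>/hadoop/conf": site("RULE:[1:$1@$0](.*@CORP.AD)s/@.*///L\nDEFAULT"),
    "/etc/hive/conf/conf.server": site("RULE:[1:$1@$0](.*@CORP.AD)s/@.*//\nDEFAULT"),
    "/etc/hive/conf": site(),
}

if __name__ == "__main__":
    for label, issues in check(SAMPLE).items():
        print(label, "->", "; ".join(issues) or "ok")
```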