Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How are multiple Ranger resource based services affecting authorization ?

Solved Go to solution
Highlighted

How are multiple Ranger resource based services affecting authorization ?

New Contributor

One can create multiple resource based services in Ranger Service Manager, but it seems only one is active at any moment in time. True ? What determines this ?

E.g. I created 2 identical HDFS services: "hdfs_service1", and "hdfs_service2", both enabled. Then I create a number of policies in each.

Are both services active at the same time ? What determines which is active, and the policies that will be enforced ?

Furthermore, I can create 2 identical Tag based service: "tag1", and "tag2". Now I set the tag service of "hdfs_service1" to "tag1", and "hdfs_service2" to "tag2". Again, which one will be active ?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How are multiple Ranger resource based services affecting authorization ?

New Contributor

No answers, so I had do do more digging.

It turns out one can only have ONE HDFS (or Hive for that matter) resource based service active at one time, and the value is set in /etc/hadoop/conf/ranger-hdfs-security.xml , key ranger.plugin.hdfs.service.name

Moreover, when set through Ambari, the service name is always <cluster_name>_hadoop (some say it's _hdfs, but I definitely see it as _hadoop in HDP 2.6.3

So, play as much as you want in the Ranger UI, create services, change names, that is just a a fake UI. The real work is done in the /etc/hadoop/conf/ranger-hdfs-security.xml

Thanks guys for making it so straightforward.

2 REPLIES 2

Re: How are multiple Ranger resource based services affecting authorization ?

New Contributor

No answers, so I had do do more digging.

It turns out one can only have ONE HDFS (or Hive for that matter) resource based service active at one time, and the value is set in /etc/hadoop/conf/ranger-hdfs-security.xml , key ranger.plugin.hdfs.service.name

Moreover, when set through Ambari, the service name is always <cluster_name>_hadoop (some say it's _hdfs, but I definitely see it as _hadoop in HDP 2.6.3

So, play as much as you want in the Ranger UI, create services, change names, that is just a a fake UI. The real work is done in the /etc/hadoop/conf/ranger-hdfs-security.xml

Thanks guys for making it so straightforward.

Re: How are multiple Ranger resource based services affecting authorization ?

New Contributor

Avalanches are another main concern in the park and can appear at any time in the year. Park rangers try to teach guests about areas of the park assignment help companies responsive to avalanches and how to watch for caution signs. They are also involved in research and rescue works in the case of a flood occurrence.

Don't have an account?
Coming from Hortonworks? Activate your account here