I modified(tampered) a local policy file written by Ranger HDFS Plugin to test against illegal or malicious operation, but authorization rules are not changed. For example:
1. user "ohide" cannot read /user/ohide
2. admit user "ohide" to read /user/ohide by Ranger
3. confirm user "ohide" can read /user/ohide
4. delete an entry added by step 2 from a local policy cache file in NameNode host (where Ranger HDFS Plugin running)
5. try to read /user/ohide by user "ohide" and succeeded.
This behavior is appropriate I think, but I do not know and want to know how to avoid not to read tampered policy cache file. Does anyone know the answer of my question?