Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to Remove all External Users from the Ranger / Ranger usersync database

Solved Go to solution
Highlighted

Re: How to Remove all External Users from the Ranger / Ranger usersync database

Contributor

log into the ranger database, and delete the following rows in order.

delete from x_group_users where added_by_id in (1,2)

delete from x_user where added_by_id in (1,2)

delete from x_group where added_by_id in (1,2)

Re: How to Remove all External Users from the Ranger / Ranger usersync database

Explorer

Using version 0.5.x. Had to modify as following.

delete from x_group_users where added_by_id in (1,2);
delete from x_policy_item_user_perm where user_id in (select id from x_user where added_by_id in (1,2));
delete from x_user where added_by_id in (1,2);
delete from x_policy_item_group_perm where group_id in (select id from x_group where added_by_id in (1,2));
delete from x_group where added_by_id in (1,2);
delete from x_user_module_perm where added_by_id in (1,2);
delete from x_portal_user_role where added_by_id in (1,2);
delete from x_portal_user where added_by_id in (1,2);
Highlighted

Re: How to Remove all External Users from the Ranger / Ranger usersync database

Contributor

I have a follow up question on this.

Lets say I removed all the users from Ranger which were synced from a local unix server and then re-configured to sync users from an AD domain/group. In this case, do II need to create "hive" user on that particular AD group before I can create a policy to let hive queries run as hive user instead of end users on the cluster? what about other service accounts like mapred, yarn etc .. do I need to create all those accounts on AD? please advise.

Highlighted

Re: How to Remove all External Users from the Ranger / Ranger usersync database

Yes, if the users are removed from Ranger DB, service users also need to be re-sync'ed.

Highlighted

Re: How to Remove all External Users from the Ranger / Ranger usersync database

Super Collaborator

@Ancil McBarnett

You can also go for a full reset of the ranger_admin databases by following these steps:

https://cwiki.apache.org/confluence/display/RANGER/Manual+Reinstallation+of+Ranger-admin

I had to go for this option after my manual interventions with the database led to problems on the Ranger WebUI. Downside of this is that the Ranger plugin services also have to be reconfigured, so beware

Don't have an account?
Coming from Hortonworks? Activate your account here