What are you trying to achieve with this? If it is a non-kerberos
cluster, if you have network access to the cluster, it will still leave
holes for a user to go in as any other user. Just blocking hadoop fs
access is not possible (unless you block full hadoop command) and it is
not going to help
You need to go with Kerberos for security and authentication AND then ranger or ACLs for authorization.