Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger Admin stops applying policy updates.

Solved Go to solution

Ranger Admin stops applying policy updates.

Contributor

1) Using HDFS DFS -ls command I see /apps/hive with permissions 777

2) Modifying permissions on /apps/hive to 700 by using HDFS DFS -chmod command 3) Now going back to Ranger and modifying permissions to HDFS policy to add users to have access to path /apps/hive/warehouse. Ranger will no longer sync with HDFS

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Ranger Admin stops applying policy updates.

@Harini Yadav

Please check this -

Ranger will always takes 1st precedence and then POSX permissions/HDFS acl's.

Also setting "xasecure.add-hadoop-authorization" = false in ranger-hdfs-security.xml in /etc/hadoop/conf will stop the fall back to HDFS ACL.

Please check below url's for more details -

http://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/

https://community.hortonworks.com/questions/22054/should-we-disable-hdfs-default-acl-to-enable-range...

View solution in original post

1 REPLY 1
Highlighted

Re: Ranger Admin stops applying policy updates.

@Harini Yadav

Please check this -

Ranger will always takes 1st precedence and then POSX permissions/HDFS acl's.

Also setting "xasecure.add-hadoop-authorization" = false in ranger-hdfs-security.xml in /etc/hadoop/conf will stop the fall back to HDFS ACL.

Please check below url's for more details -

http://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/

https://community.hortonworks.com/questions/22054/should-we-disable-hdfs-default-acl-to-enable-range...

View solution in original post

Don't have an account?
Coming from Hortonworks? Activate your account here