Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger Admin stops applying policy updates.

Solved Go to solution
Highlighted

Ranger Admin stops applying policy updates.

Contributor

1) Using HDFS DFS -ls command I see /apps/hive with permissions 777

2) Modifying permissions on /apps/hive to 700 by using HDFS DFS -chmod command 3) Now going back to Ranger and modifying permissions to HDFS policy to add users to have access to path /apps/hive/warehouse. Ranger will no longer sync with HDFS

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Ranger Admin stops applying policy updates.

@Harini Yadav

Please check this -

Ranger will always takes 1st precedence and then POSX permissions/HDFS acl's.

Also setting "xasecure.add-hadoop-authorization" = false in ranger-hdfs-security.xml in /etc/hadoop/conf will stop the fall back to HDFS ACL.

Please check below url's for more details -

http://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/

https://community.hortonworks.com/questions/22054/should-we-disable-hdfs-default-acl-to-enable-range...

1 REPLY 1

Re: Ranger Admin stops applying policy updates.

@Harini Yadav

Please check this -

Ranger will always takes 1st precedence and then POSX permissions/HDFS acl's.

Also setting "xasecure.add-hadoop-authorization" = false in ranger-hdfs-security.xml in /etc/hadoop/conf will stop the fall back to HDFS ACL.

Please check below url's for more details -

http://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/

https://community.hortonworks.com/questions/22054/should-we-disable-hdfs-default-acl-to-enable-range...