Support Questions

kamiled · ‎10-27-2023

Hello,

I created several Ranger Hive policies via APi or GUI, but some of them throw error "Another policy already exists" during UPDATE policy via API or GUI too.

I am able to drop and create policy, but update should work too.

Have you any idea, what is the problem?

Best regards

Kamiled

DianaTorres · ‎10-27-2023

@kamiled Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our Ranger experts @niparmar @vamsi_redd who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.

Regards,

Diana Torres,
Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

vamsi_redd · ‎10-29-2023

Hello Kamiled,

May I know how are you updating the policy? are you using post or put call? Please follow the below link.

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management#RESTAPIsforPolicy...

kamiled · ‎10-30-2023

Hi Vamsi,

typically I use

curl -i -n -X PUT -H "Accept:application/json" -H "Content-Type:application/json" "https://host:9999/service/plugins/policies/205" -d '{ "id": 205

But the same error message I got via edit policy in Ranger UI.

Weird for me is, that some policies are updated sucessfully and some not.

Regards

Kamiled

kamiled · ‎10-30-2023

TTP/1.1 100 Continue

HTTP/1.1 400 Bad Request
Set-Cookie: RANGERADMINSESSIONID=F84B46047FE2B85785E19D5923939AFA; Path=/; Secure; HttpOnly
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'
X-Permitted-Cross-Domain-Policies: none
X-Content-Type-Options: nosniff
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 30 Oct 2023 09:41:36 GMT
Connection: close
Server: Apache Ranger

{"statusCode":1,"msgDesc":"another policy already exists with name 'anonym_user'. ID=18"}

vamsi_redd · ‎10-31-2023

Hi @kamiled , Can you check if any similar policy exist like similar path, Database and same access in the policy id 18 as well, Please provide the screenshot of policy 18 and policy 205 and how what permissions you are trying to update on policy 205

kamiled · ‎11-01-2023

Hi Vamsi,

I copied error message for another policy. Policy has list of tables for SELECT and I need to add another table to list.

HTTP/1.1 100 Continue

HTTP/1.1 400 Bad Request
Set-Cookie: RANGERADMINSESSIONID=EC2B4EDEE72869DFDE04A78EC5550A7E; Path=/; Secure; HttpOnly
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'
X-Permitted-Cross-Domain-Policies: none
X-Content-Type-Options: nosniff
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 01 Nov 2023 15:19:14 GMT
Connection: close
Server: Apache Ranger

{"statusCode":1,"msgDesc":"another policy already exists with name 'anonym_user_ALL'. ID=205"}

kamiled · ‎11-01-2023

the same error message via Ranger UI. I added the same new table to list

Support Questions

Ranger Another policy already exists