Ranger Auditor Role

Frequent Visitor

In Ranger, if a user is both an admin and an auditor, then the auditor role is chosen. I would prefer that the highest privilege is chosen, so the user should be an admin.

Is there a way to make Ranger pick Admin over Auditor?

2 REPLIES

Master Collaborator

Hello @adamn4,

Thank you for reaching out to the Cloudera community.

How are you assigning roles to users? I would like to understand why two roles are assigned to a user. I think what you are observing is the default behaviour; I am not sure how to override that.

Instead, you can use the following way:

https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/security-ranger-user-management/topics/securi...

Frequent Visitor

Hi @upadhyayk04,

I'm assigning the roles through this -
<property>
<name>ranger.usersync.group.based.role.assignment.rules</name>
<value>ROLE_SYS_ADMIN:g:ranger_admin_group&amp;ROLE_ADMIN_AUDITOR:g:ranger_support_group</value>
</property>

A user would be part of the ranger_support group day-to-day, but when a change to a policy is required they would get added to the ranger_admin group. As it stands, they would then need to get themselves taken out of the support group in order to get the admin access to make the change, and then be added back in after.

Is this the expected behaviour?
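
An added example, not part of the thread and not Ranger's own code: a small Python check that parses the rule value posted above and lists the users who match more than one role rule, so overlapping assignments can be reviewed before usersync runs. The user names and memberships are constructed sample data, and the `u:` (per-user) rule form is assumed from the Ranger usersync rule format; the thread itself only shows `g:`.

```python
def parse_role_rules(value):
    """Parse 'ROLE:g:grp1,grp2&ROLE:u:user1' into [(role, kind, [names])]."""
    rules = []
    # Accept both the XML-escaped separator (&amp;) and the plain one (&).
    for chunk in value.replace("&amp;", "&").split("&"):
        chunk = chunk.strip()
        if not chunk:
            continue
        parts = chunk.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("u", "g"):
            raise ValueError(f"malformed rule: {chunk!r}")
        role, kind, names = parts
        rules.append((role, kind, [n.strip() for n in names.split(",") if n.strip()]))
    return rules


def roles_matched(rules, user, groups):
    """Return every role whose rule matches this user, in rule order."""
    matched = []
    for role, kind, names in rules:
        hit = user in names if kind == "u" else bool(set(groups) & set(names))
        if hit and role not in matched:
            matched.append(role)
    return matched


def find_overlaps(rules, memberships):
    """Map each user who matches more than one role to the roles matched."""
    overlaps = {}
    for user, groups in sorted(memberships.items()):
        roles = roles_matched(rules, user, groups)
        if len(roles) > 1:
            overlaps[user] = roles
    return overlaps


# Rule value as posted in the thread (XML-escaped form).
RULES = ("ROLE_SYS_ADMIN:g:ranger_admin_group&amp;"
         "ROLE_ADMIN_AUDITOR:g:ranger_support_group")

# Constructed sample memberships; the user names are hypothetical.
MEMBERSHIPS = {
    "alice": ["ranger_support_group"],
    "bob": ["ranger_support_group", "ranger_admin_group"],
    "carol": ["ranger_admin_group"],
}

if __name__ == "__main__":
    for user, roles in find_overlaps(parse_role_rules(RULES), MEMBERSHIPS).items():
        print(f"{user}: matches more than one role rule: {', '.join(roles)}")
```

The check only reports overlaps; it does not model which role Ranger finally assigns.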