Created 11-23-2022 07:42 AM
Hello All,
I have just added a Ranger KMS service to a newly built CDP Cluster. When I attempted to create a key, I got an error stating "user not allowed to do create key".
I thought it must be related to providing privs to the user in Ranger policies for the KMS service and hence logged in to the Ranger Admin UI, where I can't see the Ranger KMS service itself.
I can see the plugin is enabled and responding in the plugins tab, and the cm_kms policy is syncing as per the plugin status tab. However, the service is not there.
Any suggestions please.
Thanks
snm1523
Created 12-17-2022 08:22 PM
@snm1523 As per the description, I see that while you are creating the key you are getting the following error: "user not allowed to do create key".
Solution:
1. To see the cm_kms you need to log in with the keyadmin user in Ranger Admin. Did you try logging in with the "keyadmin" user?
Or
2. Please log in to the Ranger webUI as admin and, under Settings --> Users/Groups/Roles, search 'User Name: rangerkms'. Click on the rangerkms user, then under roles add the keyadmin role. Save, then resume the upgrade in CM.
If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.