Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Ranger KMS service not visible in Ranger Admin UI

avatar
author-rank snm1523
Expert Contributor

Created ‎11-23-2022 07:42 AM

Hello All,

 

I have just added a Ranger KMS service to a newly built CDP Cluster. When attempted to create key, got error stating "user not allowed to do create key".

 

I thought it must be related to providing privs to the user in Ranger policies for KMS service and hence, logged in to the Ranger Admin UI where I can't see Ranger KMS service itself.


I can see the plugin is enabled and responding in the plugins tab, cm_kms policy is syncing as per plugin status tab. However, service is not there. 

 

Any suggestions please.

 

Thanks

snm1523

1,298 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Kartik_Agarwal author-rank
Master Collaborator

Created ‎12-17-2022 08:22 PM

@snm1523As per the description I see that while you are creating the key getting following error.  "user not allowed to do create key".

 

Solution: 

1. To see the cm_kms you need to login with keyadmin user in Ranger Admin. Did you tried logging in with "keyadmin" user?

Or 

2. Please login to the Ranger webUI as admin and under Settings --> Users/Groups/Roles and search 'User Name: rangerkms' Click on the rangekms user, then under roles add the keyadmin role. Save, then resume the upgrade in CM.


If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.

View solution in original post

1,246 Views
1 REPLY 1

avatar
author-rank Kartik_Agarwal author-rank
Master Collaborator

Created ‎12-17-2022 08:22 PM

@snm1523As per the description I see that while you are creating the key getting following error.  "user not allowed to do create key".

 

Solution: 

1. To see the cm_kms you need to login with keyadmin user in Ranger Admin. Did you tried logging in with "keyadmin" user?

Or 

2. Please login to the Ranger webUI as admin and under Settings --> Users/Groups/Roles and search 'User Name: rangerkms' Click on the rangekms user, then under roles add the keyadmin role. Save, then resume the upgrade in CM.


If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.

1,247 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements