I am trying to perform Hadoop Group Mapping without SSSD/Centrify, but through the core-site.xml configuration.
Ranger UserSync is successfully adding all the users with groups to Ranger, and when I run:
hdfs groups <username>
, the corresponding group matches the groups in both Ranger and AD (the case is also matched). But when I try to run the Hive query with the user that has the group policy for accessing the database, I am getting Permission denied error.
What might be the cause of this behavior? According to the documentation, this should work without the SSSD/Centrify, but only through core-site.xml configuration. Any experiences on how to fix this without going to the OS level AD sync with SSSD/Centrify?
P.S. When group policy is defined in Ranger for HDFS access, it works, and for Hive it's not applied.