Ranger policies not applied to HDFS and Hive

New Contributor

Hello,
We have noticed that Ranger policies are no longer being enforced in HDFS and Hive in our CDP 7.3.1 cluster. Users are able to access data despite explicit deny or allow rules configured in the Ranger UI.

Details:

  • Ranger UI is up and running; all policies are visible and enabled.

  • HDFS and Hive services do not reflect the expected access restrictions.

  • Restarting Ranger, Hive, and HDFS services did not resolve the issue.

  • We are not sure when the issue started.

Could you please assist us in identifying why the Ranger policies are no longer being enforced in HDFS and Hive? Let us know what additional logs or configurations would help with troubleshooting.

1 ACCEPTED SOLUTION

Expert Contributor

Hello @Artem_Kuzin 

I looked into this issue and it appears to be a bug in CDP version 7.3.1, which has been resolved in version 7.3.2.0.

3 REPLIES

Master Mentor

@Artem_Kuzin 

I suggest starting with logging in to Ranger UI and verifying under "Audit" --> "Plugin Status" that your HDFS and Hive services are reported as having downloaded and made active the latest updated policies.

If they have not, I'd start checking the HDFS and Hive logs for any logging related to issues connecting to Ranger or fetching the policies JSON from it.

Beyond the above, I'd recommend that you open a support case with Cloudera (assuming you have a valid support license) where you can securely share your configuration and logs for more in-depth troubleshooting assistance with this issue.

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

New Contributor

Hi Matt,

Thank you for your suggestions.

We've confirmed that all plugins, including HDFS and Hive, have successfully downloaded and activated the latest policies as reflected in the Ranger UI → Audit → Plugin Status.

However, after enabling Ranger Authorization on the HDFS side, we are seeing recurring warnings in the logs every minute:

WARN RangerAuditMetricRESTClient RangerAdminRESTClient.handleJwt(): Since JWTokenRetriver init failed, skipping JWT auth.
WARN RangerRESTClient RangerRESTClient.handleJwt(): Since JWTokenRetriver is null, skipping JWT auth.

We are not using JWT in our environment — Kerberos is in place for authentication. Maybe this is related to the issue, and Ranger policies are being ignored.

Expert Contributor

Hello @Artem_Kuzin 

I looked into this issue and it appears to be a bug in CDP version 7.3.1, which has been resolved in version 7.3.2.0.