Support Questions

Find answers, ask questions, and share your expertise

Ranger policies not working for some groups

avatar
Super Collaborator

Hi,

I have a strange problem. I have configured Ranger Usersync with AD and it works good. All groups, users and group membership are synced correctly. Problem scenario: user1 belongs to groups group1 and group2. When I create policy (no matter what kind of - hdfs, hive, hbase) for group1, user1 has access. But when I create policy for group2, user1 does not have access. Both groups are returned when I run "hdfs groups user1". In Ranger GUI user1 belongs to both groups. The cluster was Kerberized one week ago, and I do not remember if both groups were working before Kerberos. HDP2.5 and Ranger 0.6.0. This is not a sandbox cluster. There are no errors in ranger/usersync logs.

Do you have any ideas?

1 ACCEPTED SOLUTION

avatar
Super Collaborator

The problem was with case conversion. I got firstly Upper case conversion for groups, then created some policies, then changed to none conversion, but in .json files were still appearing Upper case converted group names

View solution in original post

2 REPLIES 2

avatar
Super Collaborator

The problem was with case conversion. I got firstly Upper case conversion for groups, then created some policies, then changed to none conversion, but in .json files were still appearing Upper case converted group names

avatar
Contributor

Can you specify the location of json files which needs to be checked.