Support Questions

Find answers, ask questions, and share your expertise
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

Ranger policy for logical AND group membership conditions (multiple groups)


HOw do i define AND in the Ranger Hive access- allow condition ?

(QA Cluster) AND (published zone) AND (Default Data group) à Allow Access per the permissions set in the policy.

If a user is not part of ALL THREE groups, then they would not be granted access.

What we’ve seen is whether we build the policy with all three groups in the same Allow policy row, or add them as successive Allow rows under the same policy, in both cases Ranger treats these as logical “OR” cases, where we need it to be a logical “AND”.


Unfortunately I do not think if that is possible in Ranger.

Only solution is to create a new group with your requirements.

Shashank Rathore

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.