Support Questions
Find answers, ask questions, and share your expertise

Unable to restrict column through Ranger ( HDP2.5 sandbox)

Highlighted

Unable to restrict column through Ranger ( HDP2.5 sandbox)

Rising Star

When I gave a restriction to a column through Ranger , am able to access that through Hive command line and also in beeline command line. So does Ranger restrticts data only in Amabari view ?

Please suggest me if any more restriction is required.

10 REPLIES 10
Highlighted

Re: Unable to restrict column through Ranger ( HDP2.5 sandbox)

Can you please provide the screen shot for your resource based policy views and also the particular policy details which restricts the column access.

Highlighted

Re: Unable to restrict column through Ranger ( HDP2.5 sandbox)

Rising Star
Highlighted

Re: Unable to restrict column through Ranger ( HDP2.5 sandbox)

@Dinesh Das 1. You can specify the multiple columns in the same policy no need create multiple policies. 2. Please check if you have enabled "all - database, table, column" policy that will enable access to all.

11147-screen-shot-2017-01-05-at-105434-am.gif

If its enabled disabled it and try again.

Highlighted

Re: Unable to restrict column through Ranger ( HDP2.5 sandbox)

Rising Star

@milind pandit Not working , now I disabled all policy and enable only 1 but still can access the data through beeline cli.

emttvd02vdsientverizoncomupmhomev994292desktop7.png

Highlighted

Re: Unable to restrict column through Ranger ( HDP2.5 sandbox)

@Dinesh Das Please make sure in ranger audit->plugin log the policy is disabled as sometime it takes few sec for policy to kick in.

Re: Unable to restrict column through Ranger ( HDP2.5 sandbox)

Explorer

In Ranger, Policy Definition seems to be correct. After execution, can you please see the Ranger Audit to see if the audit entry for the access tells the policy-id that provided access for the column ?

Highlighted

Re: Unable to restrict column through Ranger ( HDP2.5 sandbox)

Rising Star

the restriction working well in Ambari>>Hive view but beeline CLI I can able to do select on all columns.

Highlighted

Re: Unable to restrict column through Ranger ( HDP2.5 sandbox)

Highlighted

Re: Unable to restrict column through Ranger ( HDP2.5 sandbox)

Contributor

@Dinesh Das From the screenshot, it looks like you have given Select permissions for the specific column.

Don't have an account?