Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

User can still see / read on paths that it does not own

Labels:
avatar
author-rank menorah84
Expert Contributor

Created ‎11-22-2016 10:27 AM

I have set a Ranger policy enabling a certain newuser to read/write/execute only on his own home directory in HDFS, say /user/<newuser>. While the policy certainly works on his own path, however, I do not want newuser to be able to read directories and files outside its own, which still happens when I do:

hadoop fs -ls /

Or on some other directories. Same thing happens when newuser is logged in in Hue.

How do I do this in Ranger?

1,115 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank agillan author-rank
Guru

Created ‎11-22-2016 10:32 AM

Hi @J. D. Bacolod - please see this article I wrote a while ago which explains how Ranger works: https://community.hortonworks.com/content/kbentry/49177/how-do-ranger-policies-work-in-relation-to-h...

From HDP 2.5, there is also the potential to Deny access explicitly via a Deny policy. See this article on how to enable them: https://community.hortonworks.com/content/kbentry/61208/how-to-enable-deny-conditions-and-excludes-i...

Hope this helps!

View solution in original post

1,057 Views
2 REPLIES 2

avatar
author-rank dsharma author-rank
Guru

Created ‎11-22-2016 10:29 AM

that is because HDFS posix permission is there on base dir , so make that is 000

1,057 Views

avatar
author-rank agillan author-rank
Guru

Created ‎11-22-2016 10:32 AM

Hi @J. D. Bacolod - please see this article I wrote a while ago which explains how Ranger works: https://community.hortonworks.com/content/kbentry/49177/how-do-ranger-policies-work-in-relation-to-h...

From HDP 2.5, there is also the potential to Deny access explicitly via a Deny policy. See this article on how to enable them: https://community.hortonworks.com/content/kbentry/61208/how-to-enable-deny-conditions-and-excludes-i...

Hope this helps!

1,058 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements