Created 06-09-2016 10:18 PM
Created 06-09-2016 10:38 PM
Groups stored in Ranger DB are used only for displaying in Ranger UI and at the time of policy authoring.
At run time, component (in your example Hive) should pass along the group information of the authenticated user to ranger plugin. Typically you can run "hdfs groups <user>" to find out what groups does the user belong to. Expectation is that Components will use the same source as Ranger to provide users/groups mapping.
Created 06-09-2016 10:38 PM
Groups stored in Ranger DB are used only for displaying in Ranger UI and at the time of policy authoring.
At run time, component (in your example Hive) should pass along the group information of the authenticated user to ranger plugin. Typically you can run "hdfs groups <user>" to find out what groups does the user belong to. Expectation is that Components will use the same source as Ranger to provide users/groups mapping.
Created 06-09-2016 10:42 PM
Thanks for the answer @vperiasamy. So if Ranger usersync source is AD, Hive would try and get user's groups info from AD and as far as I know, store the frequently used user's info in a cache? Also cache gets updated when AD is updated with the user's info?
Created 06-09-2016 10:47 PM
Provided Hive also is configured to use AD to get the right groups.
Please see this -- http://hortonworks.com/blog/hadoop-groupmapping-ldap-integration/