About vperiasamy

vperiasamy · ‎06-15-2017

@Sridhar Reddy - HDFS/Ranger permissions will continue to work as-is on encryption zone. If there are audit logs, please check how the user is getting read access to the folder (whether through Ranger ACL or Hadoop ACL). Refer this link for KMS ACL.

vperiasamy · ‎06-15-2017

1] Since KMS supports HDFS TDE (Transparent data encryption), client will decrypt the file during read so real content will be shown. If interested in seeing actual encrypted data, /.reserved/raw/<directory-path>/<filename> can be used. 2] Since the entire hive warehouse or hbase data dir is encrypted with HDFS TDE, column level encryption is not required. 3] If hive doAs is false, then hive user needs to be setup as proxy user in KMS.

vperiasamy · ‎06-05-2017

yes, i believe the hostname should match.

vperiasamy · ‎06-05-2017

Can you check if you have rules to translate kerberos principal to short username?

vperiasamy · ‎05-12-2017

Can you verify if commons-io-2.4.jar is in classpath? If that jar is in classpath and this error persists, see copying that jar to /usr/hdp/<version>/ranger-admin/ews/lib/ resolves the issue.

vperiasamy · ‎05-05-2017

/tmp/hive is used for intermediate data by hive.

vperiasamy · ‎05-03-2017

Starting from HDP 2.5.3, you don't need to setup separate lookup users mentioned in that link (for kerberized environments).

vperiasamy · ‎04-25-2017

Check hadoop.security.key.provider.path in core-site.xml and dfs.encryption.key.provider.uri in hdfs-site.xml. They have to be configured to point to the KMS URI.

vperiasamy · ‎04-24-2017

Main purpose of amb_ranger_admin is for ambari to communicate to ranger to create ranger repositories (when ranger plugins get enabled). In kerberos enabled clusters, starting from HDP 2.5/Ambari 2.4, service keytabs are used for the above purpose. Hence amb_ranger_admin is applicable only for non kerberos environments. What version of HDP are you using?

vperiasamy · ‎04-04-2017

From HDP 2.5 onwards, ranger does not require 2-way SSL in kerberos env

Online	Offline
Last Visited	‎04-26-2023 11:37 AM

Member Since	‎09-10-2015 10:36 PM
Last Visited	‎04-26-2023 11:37 AM
Posts	261
Kudos received	85

Cloudera Community

Re: ranger doesn't show resource based policies

Re: Ranger and Ranger-Kms relation

Re: "Java patch PatchPasswordEncryption_J10001 is ...

Re: Unable to log storm audit events to hdfs (sand...

Re: ranger user sync from text file

Re: Ranger KMS functionality behavior

Re: Ranger KMS functionality behavior

Re: NiFi - Insufficient Privileges usoing Ranger

Re: NiFi - Insufficient Privileges usoing Ranger

Re: Ranger UI is not accessible with Context initi...

Re: Anonymous user requests to access on Hive HDFS...

Re: amb_ranger_admin/ranger_admin_username user on...

Re: Able to write into an encryption zone but unab...

Re: amb_ranger_admin/ranger_admin_username user on...

Re: Configure SSL between Ranger and Rager HDFS pl...