@kothari  It is not Ranger's job to inform the client applications using Ranger what users belong to what group.  Each client application is responsible for determining which groups the user authenticated into that service belong to. The policies generated by Ranger are downloaded by the client applications.  Within that downloaded policy json will be a resource identifier(s), list if user identities authorized (read, write, and/or delete) , and list of group identities authorized (read, write, or delete) against each resource identifier.  So when client checks the downloaded policies from Ranger it is looking for the user identity being authorized and if client is aware of the group(s) that user belongs to, will also check authorization for that group identity.   so in your case, it i s most likely that your client service/application has not been configured with the same user and group association setup in your Ranger service.   If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt ... View more

@Kaher Could you find out what's the value you have set for "tez.staging-dir"; if it's not set, the default path is /tmp/${user.name}/staging. Do verify if there is any issue with the /tmp filesystem. Also, there is a dash missing in the following value: <name>tez.am.java.opts</name> <value>-Xmx2024m</value> ... View more

@abdullahvvs Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks. ... View more

Thank you, @cotopaul !! I'll try this. ... View more

For information, jira ticket created.   https://issues.apache.org/jira/browse/NIFI-11967 ... View more