Default Page Size seems to be 200 on most APIs. Use query parameters pageSize and startIndex to page through the results ... View more

I believe that in Ranger 1.2.0 the property xasecure.audit.provider.summary.enabled is called Audit provider summary enabled (checkbox to tick) in Advanced ranger-hdfs-audit in HDFS service in Ambari. ... View more

In my case I had to restart HiveServer2 services on nodes after I had connected the hosts to the domain (using sssd service). ... View more

@Terry Stebbens Thanksa lot again for all ur help . In HDP sandbox 2.5 , while testing ranger functionalities, I got I need hive user access.but am not sure what is default hive user credentials. Can yo help me in this please. I am trying to achieve BEST PRACTICES FOR HDFS AUTHORIZATION Having a federated authorization model may create a challenge for security administrators looking to plan a security model for HDFS. After Apache Ranger and Hadoop have been installed, we recommend administrators to implement the following steps: Change HDFS umask to 077 Identify directory which can be managed by Ranger policies Identify the directories that can be managed by Ranger policies We recommend that permission for application data folders (/apps/hive, /apps/Hbase) as well as any custom data folders be managed through Apache Ranger. The HDFS native permissions for these directories need to be restrictive. This can be done through changing permissions in HDFS using chmod. Example: $ hdfs dfs -chmod -R 000 /apps/hive $ hdfs dfs -chown -R hdfs:hdfs /apps/hive $ hdfs dfs -ls /apps/hive Found 1 items d——— – hdfs hdfs 0 2015-11-30 08:01 /apps/hive/warehouse After changing umask value 077. Its not allow me to do any operation as root user. its looking for hive user. can u guide me please Error: at org.apache.hadoop.fs.shell.Command.run(Command.java:165) at org.apache.hadoop.fs.FsShell.run(FsShell.java:297) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:90) at org.apache.hadoop.fs.FsShell.main(FsShell.java:350) chmod: changing permissions of '/apps/hive': Permission denied. user=root is not the owner of inode=hive http://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/ ... View more

Thanks @Terry Stebbens and @Ian Roberts, I have changed to yarn.scheduler.capacity.maximum-am-resource-percent=0.4 and its working fine. ... View more

@Terry Stebbens Thanks Terry for quick response. We are using third party CA. (Not the self signed ones). Currently while generating the CSR we given Common Name = {hostname} $hostname yields : abc-xyz-001.CompanyName.COM Instead when we give CN = *.CompanyName.COM, do we need to to get a domain set up in DNS to handle this? Thanks, Arpan ... View more

Hi, you need to give your Ubuntu host a domain name which you then add as the FQDN. For the second part, you need to copy your id_rsa file you created and paste it into the SSh private key box. (It is either the id_rsa or id_rsa.pub, i cant remember), as shown in the image above. ... View more

yes it will not work at all with hive cli , better you use beeline, thanks! ... View more

Okay.. Was hoping this feature could be or will be avalible in Resource Based. One case could be data in HDFS which only should be allowed to acces data based on location or a time perioed. ... View more