Member since
09-28-2015
34
Posts
30
Kudos Received
11
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
2186 | 04-04-2019 07:06 PM | |
311 | 05-17-2016 02:16 PM | |
370 | 05-09-2016 09:13 PM | |
318 | 11-19-2015 04:24 AM | |
195 | 11-13-2015 04:34 AM |
04-04-2019
07:06 PM
3 Kudos
DFS commands are restricted in Hive when authorization is enabled, either through Ranger or SQL std authorization.
... View more
05-20-2016
06:49 PM
You can use these tutorials. http://hortonworks.com/hadoop-tutorial/tag-based-policies-atlas-ranger/ http://hortonworks.com/hadoop-tutorial/cross-component-lineage-apache-atlas/ There is a startup script which runs to start all services and it takes a little bit of time after starting the VM. The services are up and running when you see the command prompt for that VM
... View more
05-19-2016
06:54 PM
Have you followed the steps outlined by Neeraj to cleanup DB ?
... View more
05-17-2016
02:16 PM
@Sunile Manjee I am not sure this has anything to do with Ranger. As mentioned in this post , if you are using Spark SQL client it will behave similar to Hive CLI today where HDFS permissions come into the play. There is Spark thriftserver work which is pending https://issues.apache.org/jira/browse/SPARK-8659
... View more
05-10-2016
05:27 PM
2 Kudos
To add in, as a best practice, we recommend customers using HDP 2.3.x or HDP 2.4.x to configure their audits to both Solr and HDFS. HDFS destination is for long term audit storage, while Solr could be used for short term audit query from the Ranger UI. It is recommended to use a ttl (time to live) setting in Solr to ensure documents are deleted automatically after a certain period.
... View more
05-09-2016
09:13 PM
2 Kudos
HP Voltage has done the integration of HDFS encryption with their own KMS. They offer it as part of HPE Secure Storage solution. HDFS encryption can be integrated with 3 party KMS using the keyprovider APIs, however there is some work involved in ensure the integration works, specifically in Kerberos mode. HP Voltage is the only vendor partner to have completed this work.
... View more
05-06-2016
06:52 PM
2 Kudos
@hduraiswamy Authorization and Masking are 2 separate events. You would need access to a column for the query to run. If customer would want to filter columns, best way would be to create views. This is no different than other databases. If the user has access to column, but the column data should be redacted, then masking would be an appropriate solution.
... View more
04-26-2016
11:07 PM
You can try writing a script to export/import policies from one Ranger instance to another using REST APIs.
... View more
04-22-2016
05:06 AM
Ravi and Sagar summed it up correctly. Please wait for the login screen to appear in CentOS screen, it takes a while for all services to be started using Ambari..
... View more
04-22-2016
05:03 AM
@David Walker Ranger audits are based on a standard json format, you can write a script to publish them directly to the audit destination, either DB, Solr or HDFS. Please note that we are deprecating support for audit to DB from next release onwards..
... View more
04-21-2016
05:38 AM
What is the error that you are seeing ?
... View more
04-20-2016
06:04 PM
Is Ranger's audit source solr or db ? Check your config in Ambari
... View more
04-19-2016
09:14 PM
For Hive and HBase, you can execute GRANT/REVOKE statements from a shell and it will automatically create policies in Ranger.
... View more
03-14-2016
07:00 PM
1 Kudo
@Smart Solutions I don't think this is a Ranger specific issue. Get users/groups into Ranger can be done by provisioning to a file and using Ranger to sync from that file. The bigger question is how would you realize groups at OS level or within Hadoop. If you are using SSSD, have you been able to make it work across multiple domains.
... View more
03-11-2016
08:34 PM
2 Kudos
@prakash What are you seeing in Ranger audit when other user tries to access this database?
... View more
03-11-2016
08:32 PM
2 Kudos
Ranger support for DB will most probably be phased out in the next release, it is being discussed in the community currently.
... View more
03-11-2016
08:18 PM
1 Kudo
Screenshots for Ranger policy and output of what you are getting back from "hdfs groups <username> " would be helpful
... View more
11-20-2015
11:18 PM
@rgarcia Why not pipe the data from HDFS, assuming audit is being written to HDFS as well?
... View more
11-20-2015
11:17 PM
1 Kudo
@Brandon Wilson Very nice. @Neeraj Sabharwal We are moving away from storing audits in DB, we need to guide customers to get audit from HDFS
... View more
11-13-2015
04:34 AM
It is not a vulnerability. The Ranger policies do not move with the data. If the new folder has less restrictions, administrators would have to make sure appropriate policies are set. Data can be moved from production to development cluster or to archival/DR. The destination folder rules may not map always to source folder rules. Good part here is that Ranger policy can be set even before folders are created, so administrators should set Ranger policies before moving data.
... View more
11-04-2015
06:12 PM
Sounds right. @rvenkatesh@hortonworks.com @bdurai@hortonworks.com can you confirm?
... View more
11-02-2015
06:33 PM
1 Kudo
Though views are not a scalable model, this would be the best recommended solution till the time we have support for inserting predicate or filtering row through UDF in Hive.
... View more
11-02-2015
06:31 PM
2 Kudos
We would recommend customers to use Ranger with Hive, rather than SQL std authorization. The solution recommend by JP would work
... View more
10-21-2015
09:34 PM
1 Kudo
Let us use official docs as much as possible.
... View more
10-21-2015
09:34 PM
2 Kudos
http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_secure-kafka-ambari/content/ch_secure-kafka-overview.html
... View more
10-21-2015
09:31 PM
4 Kudos
@amcbarnett@hortonworks.com The concern is around who can get access to keys even if you are encrypting the mapreduce shuffle. Local disk encryption is for scenarios where some can take the disk out and read the data. Customers should adopt other methods (OS level access) to prevent users from getting access to nodes where the intermediate data might be stored
... View more
10-06-2015
11:26 PM
CC @abajwa@hortonworks.com @sneethiraj@hortonworks.com @vperiasamy@hortonworks.com
... View more
10-06-2015
11:26 PM
2 Kudos
scripts.zip Check attached scripts and see if it helps..
... View more
10-01-2015
11:24 PM
Have you checked this blog? http://hortonworks.com/blog/best-practices-for-hive-authorization-using-apache-ranger-in-hdp-2-2/
... View more