Cloudera Community

Announcements
Celebrating a Century of Connection: Our Community Reaches 100,000 Members! Thank you!
akulkarni1
user rank
user rank
Contributor

Re: Atlas Tags not getting synced to Ranger

by Contributor Contributor in Support Questions
‎10-01-2018 04:02 PM
‎10-01-2018 04:02 PM
@Megha U The reason for the error reported on tagsync log (and returned by ranger-admin) is directly because there is no service "atlastest_hive" in the ranger-admin. As part of processing of kafka notification for tag creation, tagsync builds a ranger-admin request from the data in the notification. This request contains the service-name to which tagged entity belongs, and sends it over to ranger-admin for persisting in the ranger-admin database. When ranger-admin validates it, it does find the corresponding service and hence the error. What do you want to do with tags in your installation? If you don't plan to use ranger-authorizer for hive-server2, then the tagged entities are not expected to be authorized by ranger and tags (which are basically classifications for hive entities) are not very useful to you. Thanks, ... View more

Re: Ranger Row Level Filtering

by Contributor Contributor in Support Questions
‎11-16-2017 10:16 PM
‎11-16-2017 10:16 PM
Yes, this is expected behavior. Ranger matches first row-filter policy line-item (in the same order as specified in the policy). ... View more

Re: How to create many ranger policies and add use...

by Contributor Contributor in Support Questions
‎09-20-2017 06:18 PM
‎09-20-2017 06:18 PM
Please use the following doc link. It documents the latest set of REST APIs supported by Ranger for policy management. Thanks! https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definition%2C+Service+and+Policy+Management , ... View more

Re: Ranger policy does not grant access as expecte...

by Contributor Contributor in Support Questions
‎05-19-2017 06:32 PM
‎05-19-2017 06:32 PM
@Farzaneh Poorjabar Easiest way to assign access only to a specific directory (say /home/farzaneh) is: Resource path : /home/farzaneh isRecursive: false If you need the access granted recursively to a directory and all directories under it, then Resource path : /home/farzaneh isRecursive:true But, there is a side-effect. Access will be granted to all paths starting with /home/farzaneh There is no explicit way to specify in a ranger policy, if the specified resource is a file or a directory. That leads to these corner cases. You could still get the effect you want by specifying two policies, one with resource as '/home/farzaneh/*', isRecursive = true and another with two resources ['/home/farzaneh', '/home/farzaneh/'] with isRecursive = false. ... View more

Re: Enabling and Disabling a Ranger Policy using c...

by Contributor Contributor in Support Questions
‎04-06-2017 06:30 PM
‎04-06-2017 06:30 PM
@rajdip chaudhuri To add to @Jay SenSharma's answer: Please use a newer and better version of REST APIs as documented here. ... View more

Re: REST api URL to configure Ranger objects

by Contributor Contributor in Support Questions
‎04-06-2017 06:18 PM
‎04-06-2017 06:18 PM
@prashanth ramesh Please check the document REST APIs for Service Definition, Service and Policy Management. The Request URL needs to be "service/public/v2/api/policy/{id}". ... View more

Re: Problem when delete policy in ranger by name,H...

by Contributor Contributor in Support Questions
‎02-09-2017 06:27 PM
1 Kudo
‎02-09-2017 06:27 PM
1 Kudo
@hubert zhang bIt should work. I used the following to delete a policy 'test' in service 'cl1_hadoop' # curl -v -u admin:admin -X DELETE 'http://localhost:6080/service/public/v2/api/policy?servicename=cl1_hadoop&policyname=test' * About to connect() to localhost port 6080 (#0) * Trying ::1... connected * Connected to localhost (::1) port 6080 (#0) * Server auth using Basic with user 'admin' > DELETE /service/public/v2/api/policy?servicename=cl1_hadoop&policyname=test HTTP/1.1 > Authorization: Basic YWRtaW46YWRtaW4= > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: localhost:6080 > Accept: */* > < HTTP/1.1 204 No Content < Server: Apache-Coyote/1.1 < Set-Cookie: RANGERADMINSESSIONID=3A91B6A9E428A09CBA0291AA5CA8D8A2; Path=/; HttpOnly < X-Frame-Options: DENY < Date: Thu, 09 Feb 2017 06:25:35 GMT < * Connection #0 to host localhost left intact * Closing connection #0 Please note the single quotes above. ... View more

Re: Atlas-Ranger issue

by Contributor Contributor in Support Questions
‎02-01-2017 06:28 PM
1 Kudo
‎02-01-2017 06:28 PM
1 Kudo
@Javier Teixeira Quevedo Can you please describe how you tagged entities in Atlas, what you expected to see and if there are any errors in /var/log/ranger/tagsync/tagsync.log or /var/log/ranger/tagsync/tagsync.out or /var/log/ranger/admin/xa_portal.log? ... View more

Re: Atlas Tag not showing up in Ranger, getting wa...

by Contributor Contributor in Support Questions
‎12-28-2016 06:21 PM
2 Kudos
‎12-28-2016 06:21 PM
2 Kudos
@Ward Bekker From the log, it looks like the tagsync thread listening on Kafka events has failed. You may want to use kafka console consumer to see if the Atlas events are coming through by running 'kafka-console-consumer.sh --zookeeper <zookeeper-host-ip>:2181 --topic ATLAS_ENTITIES --from-beginning'. If the Atlas events are shown up, then please check tagsync configuration, especially, atlas-application.properties file, and try restarting tagsync. ... View more
Contact Me
Online
Offline
Last Visited
‎01-11-2023 05:31 PM
Community Statistics
Member Since ‎09-29-2015 12:41 AM
Last Visited ‎01-11-2023 05:31 PM
Posts 19
Kudos received 8