About hadoop2

hadoop2 · ‎04-10-2018

Yes, Ranger policies trump HDFS ACL. 2. If you allow access to /data/dir1/dir2, then the user will have access to /data/dir1/dir2 (HDFS ACL is not checked because Ranger permissions prevail) 3. Deny your user access to /data/dir1/dir2 in Ranger. Or, don't have a policy for this directory (this way HDFS ACL is invoked).

hadoop2 · ‎04-10-2018

No answers, so I had do do more digging. It turns out one can only have ONE HDFS (or Hive for that matter) resource based service active at one time, and the value is set in /etc/hadoop/conf/ranger-hdfs-security.xml , key ranger.plugin.hdfs.service.name Moreover, when set through Ambari, the service name is always <cluster_name>_hadoop (some say it's _hdfs, but I definitely see it as _hadoop in HDP 2.6.3 So, play as much as you want in the Ranger UI, create services, change names, that is just a a fake UI. The real work is done in the /etc/hadoop/conf/ranger-hdfs-security.xml Thanks guys for making it so straightforward.

hadoop2 · ‎04-10-2018

One can create multiple resource based services in Ranger Service Manager, but it seems only one is active at any moment in time. True ? What determines this ? E.g. I created 2 identical HDFS services: "hdfs_service1", and "hdfs_service2", both enabled. Then I create a number of policies in each. Are both services active at the same time ? What determines which is active, and the policies that will be enforced ? Furthermore, I can create 2 identical Tag based service: "tag1", and "tag2". Now I set the tag service of "hdfs_service1" to "tag1", and "hdfs_service2" to "tag2". Again, which one will be active ?

Online	Offline
Last Visited	‎04-10-2018 08:28 PM

Member Since	‎03-30-2018 04:38 AM
Last Visited	‎04-10-2018 08:28 PM
Posts	4

Cloudera Community

Re: How are multiple Ranger resource based service...

Re: Ranger policies on HDFS (READ/WRITE/EXECUTE)

Re: How are multiple Ranger resource based service...

How are multiple Ranger resource based services af...