Member since
03-30-2016
13
Posts
4
Kudos Received
0
Solutions
09-19-2019
12:59 AM
Hi, Did you find any solution to your problem because I'm facing the same. I have HDP 2.6.5 with Knox 0.12.0. Thanks.
... View more
05-02-2019
11:19 PM
Hi Shashi, Unfortunately this is not completely true. A "normal" user can login to Ranger Admin UI and have by default the "Resource Based Policies" and "Reports" permissions. With the Resource Based Policies, this user can modify and delete already existing policies owned by other users / admins. When I remove the Resource Based Policies permissions for that user, the user can see now only the "reports". However after restarting the entire Ranger services (Ranger admin, usersync, tagsync), the default permissions are applied again and the user can have access back to the Resource Based Policies. I want to ensure that none-Admin user cannot modified the policies. Vincent
... View more
05-02-2019
09:23 AM
I found the response of my last question. The default matching is hardcoded in java: https://github.com/hortonworks/ranger-release/blob/HDP-2.6.5.0-292-tag/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java#L267 Latest version of Ranger have the same hardcoded matching.
... View more
04-29-2019
01:22 PM
1 Kudo
Hi, I've configured usersync with LDAP (IPA backend) successfully and also LDAP for the Admin UI. What I want to achieve: All the users from the cluster are sync with usersync. Admin group can login to Ranger Admin and create rules Auditer can login to Ranger and see only the Audit tabs Standard user cannot login to Ranger Admin UI. Current state: Usersync is OK Admin group is OK Auditer can login OK Standard user CAN login to Ranger Admin and see only "Resource Based Policies" and "Reports" KO I've tried to filter users who can login to Ranger Admin via LDAP: ranger.ldap.user.searchfilter: (&(uid={0})(memberOf=cn=my_admin_team,cn=groups,cn=accounts,dc=example,dc=com)) but this does not work. I've also tried to remove the users from the permissions (Settings -> Permissions -> Resource Based Policies) as explained here: https://community.hortonworks.com/questions/62605/permissions-for-using-ranger.html but after restarting the Ranger service, all users are back. Looks like the permission is not persisted, or is overriden by the service restart. Note that this standard user can delete policies of other users. Questions: Can we filter which users/groups can login to Ranger Admin UI without changing the permissions (Settings -> Permissions) but only with the properties in Ambari (Ranger -> Config -> Advanced -> LDAP settings ? Is is a limitation with that version of Ranger? How can we remove the default matching for every user with permissions in "Resource Based Policies" and "Reports" HDP 2.6.5, ranger 0.7 from HDP 2.6.5 Thanks
... View more
Labels:
11-21-2018
01:47 PM
Hi @Sanjay Kumar Did you find a solution ? I'm hitting almost the same issue where I cannot specify MySQL as the hive metastore. Thanks
... View more
02-07-2018
08:27 AM
Did you find the issue, is it related to the jdbc driver? Thanks
... View more
04-22-2016
08:10 AM
Hi Gauthier, Do you have any news about that issue? Does it work properly now? Thanks
... View more
03-30-2016
09:43 PM
3 Kudos
Hi, I discover a bug on ambari UI. On the host view, when the first host of the list do not contains any component, no hosts are displayed and the page stuck on the loading icon. I solved the problem by removing that host from Ambari. I'm using ambari 2.2.0.0
... View more
Labels:
- Labels:
-
Apache Ambari