Hi, I've configured usersync with LDAP (IPA backend) successfully and also LDAP for the Admin UI. What I want to achieve: All the users from the cluster are sync with usersync. Admin group can login to Ranger Admin and create rules Auditer can login to Ranger and see only the Audit tabs Standard user cannot login to Ranger Admin UI. Current state: Usersync is OK Admin group is OK Auditer can login OK Standard user CAN login to Ranger Admin and see only "Resource Based Policies" and "Reports" KO I've tried to filter users who can login to Ranger Admin via LDAP: ranger.ldap.user.searchfilter: (&(uid={0})(memberOf=cn=my_admin_team,cn=groups,cn=accounts,dc=example,dc=com)) but this does not work. I've also tried to remove the users from the permissions (Settings -> Permissions -> Resource Based Policies) as explained here: https://community.hortonworks.com/questions/62605/permissions-for-using-ranger.html but after restarting the Ranger service, all users are back. Looks like the permission is not persisted, or is overriden by the service restart. Note that this standard user can delete policies of other users. Questions: Can we filter which users/groups can login to Ranger Admin UI without changing the permissions (Settings -> Permissions) but only with the properties in Ambari (Ranger -> Config -> Advanced -> LDAP settings ? Is is a limitation with that version of Ranger? How can we remove the default matching for every user with permissions in "Resource Based Policies" and "Reports" HDP 2.6.5, ranger 0.7 from HDP 2.6.5 Thanks ... View more