About vgrivel

vgrivel · ‎09-19-2019

Hi, Did you find any solution to your problem because I'm facing the same. I have HDP 2.6.5 with Knox 0.12.0. Thanks.

vgrivel · ‎05-02-2019

Hi Shashi, Unfortunately this is not completely true. A "normal" user can login to Ranger Admin UI and have by default the "Resource Based Policies" and "Reports" permissions. With the Resource Based Policies, this user can modify and delete already existing policies owned by other users / admins. When I remove the Resource Based Policies permissions for that user, the user can see now only the "reports". However after restarting the entire Ranger services (Ranger admin, usersync, tagsync), the default permissions are applied again and the user can have access back to the Resource Based Policies. I want to ensure that none-Admin user cannot modified the policies. Vincent

vgrivel · ‎05-02-2019

I found the response of my last question. The default matching is hardcoded in java: https://github.com/hortonworks/ranger-release/blob/HDP-2.6.5.0-292-tag/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java#L267 Latest version of Ranger have the same hardcoded matching.

vgrivel · ‎04-29-2019

Hi, I've configured usersync with LDAP (IPA backend) successfully and also LDAP for the Admin UI. What I want to achieve: All the users from the cluster are sync with usersync. Admin group can login to Ranger Admin and create rules Auditer can login to Ranger and see only the Audit tabs Standard user cannot login to Ranger Admin UI. Current state: Usersync is OK Admin group is OK Auditer can login OK Standard user CAN login to Ranger Admin and see only "Resource Based Policies" and "Reports" KO I've tried to filter users who can login to Ranger Admin via LDAP: ranger.ldap.user.searchfilter: (&(uid={0})(memberOf=cn=my_admin_team,cn=groups,cn=accounts,dc=example,dc=com)) but this does not work. I've also tried to remove the users from the permissions (Settings -> Permissions -> Resource Based Policies) as explained here: https://community.hortonworks.com/questions/62605/permissions-for-using-ranger.html but after restarting the Ranger service, all users are back. Looks like the permission is not persisted, or is overriden by the service restart. Note that this standard user can delete policies of other users. Questions: Can we filter which users/groups can login to Ranger Admin UI without changing the permissions (Settings -> Permissions) but only with the properties in Ambari (Ranger -> Config -> Advanced -> LDAP settings ? Is is a limitation with that version of Ranger? How can we remove the default matching for every user with permissions in "Resource Based Policies" and "Reports" HDP 2.6.5, ranger 0.7 from HDP 2.6.5 Thanks

vgrivel · ‎11-21-2018

Hi @Sanjay Kumar Did you find a solution ? I'm hitting almost the same issue where I cannot specify MySQL as the hive metastore. Thanks

vgrivel · ‎02-07-2018

Did you find the issue, is it related to the jdbc driver? Thanks

vgrivel · ‎04-22-2016

Hi Gauthier, Do you have any news about that issue? Does it work properly now? Thanks

vgrivel · ‎04-04-2016

Thank you for the fix.

vgrivel · ‎03-30-2016

Hi, I discover a bug on ambari UI. On the host view, when the first host of the list do not contains any component, no hosts are displayed and the page stuck on the loading icon. I solved the problem by removing that host from Ambari. I'm using ambari 2.2.0.0

Online	Offline
Last Visited	‎03-02-2020 08:19 AM

Date Registered	‎03-30-2016 09:16 PM
Last Visited	‎03-02-2020 08:19 AM
Total Messages Posted	13
Total Kudos Received	4

Re: Yarn app logs through knox

Re: Ranger LDAP Admin UI vs Usersync

Re: Ranger LDAP Admin UI vs Usersync

Ranger LDAP Admin UI vs Usersync

Re: getting exception in spark-hive application.

Re: Tez with Hive from Hue 3.12: tez.lib.uris is n...

Re: AMBARI METRICS restart randomly

Re: Ambari UI no hosts display

Ambari UI no hosts display