Hi @Mdali , Could you ensure the KDC server is reachable from the Ambari server? If it isn't then it is possible that the tasks might get timed out.   # ping <KDC host> # telnet <KDC host> 88 Also, check the ambari-server.log for the keyword "CreatePrincipalsServerAction", as ideally below are the messages you can expect when you add a oozie server to the cluster,   ------------- 14 Sep 2021 03:03:23,511 INFO [Server Action Executor Worker 2577] KerberosServerAction:359 - Processing identities... 14 Sep 2021 03:03:23,518 INFO [Server Action Executor Worker 2577] CreatePrincipalsServerAction:205 - Processing principal, oozie/<FQDN>@HADOOP.COM 14 Sep 2021 03:03:23,921 INFO [Server Action Executor Worker 2577] KerberosServerAction:463 - Processing identities completed. -------------   Thanks, Prashanth Vishnu ... View more

Hi @noway , Did you try to enable deny conditions in Policies with the steps shared and retry? Can you confirm if it worked as intended?   Thanks, Prashanth Vishnu ... View more

Hi @Mdali ,   Based on the error message "'oozie/FQDN' not found in Kerberos database", looks like the oozie kerberos prinicpal creation failed. Could you check the Ambari server logs during the time you tried to add another Oozie server to identify the cause?   Thanks, Prashanth Vishnu ... View more

Hi @benthor ,   To search with multiple values you have assigned for a particular attribute of an entity, could you try to filter by specifying the values in the square brackets and see if it helps?  from Dataset where tags = ["valueA", "valueB"]   Thanks, Prashanth Vishnu ... View more

Hi @claudialeee ,   You can use POST /v2/entity/guid/{guid}/classifications to add classifications to an existing entity represented by a guid.   Example: To add classification "demo" to an entity represented by a GUID 88daa7d6-90e6-48bc-94f7-7560158c68f3, # curl -u <Username>:<password> -H 'Accept: application/json' -H 'Content-Type: application/json' -X POST "http://<Atlas server FQDN>:<Atlas port>/api/atlas/v2/entity/guid/88daa7d6-90e6-48bc-94f7-7560158c68f3" -d '[{"typeName":"demo"}]'  Please try this and let me know if this helps! Thanks, Prashanth Vishnu ... View more

Hi @noway,   As mentioned in the documentation, did you ensure you have enabled deny conditions for policies? Because the deny condition in policies is disabled by default and must be enabled for use. From Ambari>Ranger>Configs>Advanced>Custom ranger-admin-site, add ranger.servicedef.enableDenyAndExceptionsInPolicies=true . Restart Ranger. If the above is already done, could you try to run the SELECT query on the table with your user account and go to Ranger Admin Audit's Access tab, filter with your user name and validate which Policy granted you the access for the operation (You can identify the Policy ID in the audit entry). Also, would you be able to share a screenshot of the policy which you had created?   Thanks, Prashanth Vishnu ... View more

@enirys , Try checking the Ambari audit logs to identify where the authentication requests using the Knox kerberos principal is originating from. ... View more

Hi @enirys,   If you wanted to use the Authentication provider used with the Knox gateway for the Ambari UI and don't prefer the kerberos authentication, then you can disable it by setting the below property to false,   authentication.kerberos.enabled = false   You can find the "authentication.kerberos.*" properties in the /etc/ambari-server/conf/ambari.properties file.   Restart Ambari server after making necessary changes and monitor the logs to see if the warnings are repeated again. ... View more

Hi @enirys ,   It appears that you have configured Ambari to authenticate using Kerberos tokens via SPNEGO. From the logs, I see you are trying to authenticate to Ambari using the principal "knox/<knox_gateway>@<REALM>" which gets translated to the user name "knox" and then searches it in the internal database or from an external source, such as an LDAP directory based on your configuration and unable to find it and hence the below warning message,   ---------- 02 Jul 2021 18:43:52,515 WARN [ambari-client-thread-792188] AmbariAuthToLocalUserDetailsService:143 - Failed find user account for user with username of knox during Kerberos authentication. ----------   So validate the values set for the property "authentication.kerberos.user.types", and ensure the "knox" user is present in the User type mentioned and create if unavailable. Once available and when you re-authenticate again, Ambari will be able to find the relevant user and it bypasses the default user name and password login facility and should be able to authenticate successfully. Let us know if this helps! Thanks, Prashanth Vishnu ... View more

@sandeepksaini Can you share a screenshot of the Add service wizard to highlight which option is currently greyed out? ... View more