Hi @gianluca , Could you please share the steps you have followed to create the custom entity? If you're doing it via the REST API, then you can update your Json file according to your preference (including the name of the custom entity) prior to running the POST /v2/entity API call.   Thanks, Prashanth Vishnu ... View more

Hello @VenkyBandaru ,   Could you please try the below curl command to delete the custom entity type def? # curl -u <username>:<password> -X DELETE 'http://<hostname>:<port>/api/atlas/v2/types/typedefs' --header 'Content-Type: application/json' -d '{ "entityDefs": [ { "name": "<custom type name>" } ] }'   Thanks, Prashanth Vishnu ... View more

Hi @daba,   Could you check the following topology file in the Knox gateway node to validate if the authentication provider change you made in the CM UI is reflected at the host level as well? - /var/lib/knox/gateway/conf/topologies/knoxsso.xml   Thanks, Prashanth Vishnu ... View more

Hi @ryu ,   Did you make any config changes related to Ranger usersync prior to restarting Ranger from Ambari? Also, make sure the usersync directory is pointing to the appropriate HDP version in use as shown below, # ls -l /usr/hdp/current/ranger-usersync lrwxrwxrwx 1 root root 36 Aug 18 16:19 /usr/hdp/current/ranger-usersync -> /usr/hdp/2.6.5.328-2/ranger-usersync   Thanks, Prashanth Vishnu ... View more

Hi @Mdali ,   Maybe the file"/usr/hdp/current/oozie-server/oozie-sharelib.tar.gz" is corrupted? Could you try copying the file from the other Oozie server if its the same version? Then try restarting again and let us know how it goes.   Thanks, Prashanth Vishnu ... View more

Hi @Mdali , Could you ensure the KDC server is reachable from the Ambari server? If it isn't then it is possible that the tasks might get timed out.   # ping <KDC host> #  telnet  <KDC host> 88 Also, check the ambari-server.log for the keyword "CreatePrincipalsServerAction", as ideally below are the messages you can expect when you add a oozie server to the cluster,   ------------- 14 Sep 2021 03:03:23,511 INFO [Server Action Executor Worker 2577] KerberosServerAction:359 - Processing identities... 14 Sep 2021 03:03:23,518 INFO [Server Action Executor Worker 2577] CreatePrincipalsServerAction:205 - Processing principal, oozie/<FQDN>@HADOOP.COM 14 Sep 2021 03:03:23,921 INFO [Server Action Executor Worker 2577] KerberosServerAction:463 - Processing identities completed. -------------   Thanks, Prashanth Vishnu ... View more

Hi @noway , Did you try to enable deny conditions in Policies with the steps shared and retry? Can you confirm if it worked as intended?   Thanks, Prashanth Vishnu ... View more

Hi @Mdali ,   Based on the error message " 'oozie/FQDN' not found in Kerberos database", looks like the oozie kerberos prinicpal creation failed. Could you check the Ambari server logs during the time you tried to add another Oozie server to identify the cause?   Thanks, Prashanth Vishnu ... View more

Hi @benthor ,   To search with multiple values you have assigned for a particular attribute of an entity, could you try to filter by specifying the values in the square brackets and see if it helps?  from Dataset where tags = ["valueA", "valueB"]   Thanks, Prashanth Vishnu ... View more

Hi @claudialeee ,   You can use POST /v2/entity/guid/{guid}/classifications to add classifications to an existing entity represented by a guid.   Example: To add classification "demo" to an entity represented by a GUID 88daa7d6-90e6-48bc-94f7-7560158c68f3, # curl -u <Username>:<password> -H 'Accept: application/json' -H 'Content-Type: application/json' -X POST "http://<Atlas server FQDN>:<Atlas port>/api/atlas/v2/entity/guid/88daa7d6-90e6-48bc-94f7-7560158c68f3" -d '[{"typeName":"demo"}]'  Please try this and let me know if this helps! Thanks, Prashanth Vishnu ... View more

Hi @noway,   As mentioned in the documentation, did you ensure you have enabled deny conditions for policies? Because t he deny condition in policies is disabled by default and must be enabled for use. From Ambari>Ranger>Configs>Advanced>Custom ranger-admin-site, add   ranger.servicedef.enableDenyAndExceptionsInPolicies=true   . Restart Ranger. If the above is already done, could you try to run the SELECT query on the table with your user account and go to Ranger Admin Audit's Access tab, filter with your user name and validate which Policy granted you the access for the operation (You can identify the Policy ID in the audit entry). Also, would you be able to share a screenshot of the policy which you had created?   Thanks, Prashanth Vishnu ... View more

@enirys , Try checking the Ambari audit logs to identify where the authentication requests using the Knox kerberos principal is originating from. ... View more

Hi @enirys,   If you wanted to use the Authentication provider used with the Knox gateway for the Ambari UI and don't prefer the kerberos authentication, then you can disable it by setting the below property to false,   authentication.kerberos.enabled = false   You can find the "authentication.kerberos.*" properties in the /etc/ambari-server/conf/ambari.properties file.   Restart Ambari server after making necessary changes and monitor the logs to see if the warnings are repeated again. ... View more

Hi @enirys ,   It appears that you have configured Ambari to authenticate using Kerberos tokens via SPNEGO. From the logs, I see you are trying to authenticate to Ambari using the principal "knox/<knox_gateway>@<REALM>" which gets translated to the user name "knox" and then searches it in the internal database or from an external source, such as an LDAP directory based on your configuration and unable to find it and hence the below warning message,   ---------- 02 Jul 2021 18:43:52,515 WARN [ambari-client-thread-792188] AmbariAuthToLocalUserDetailsService:143 - Failed find user account for user with username of knox during Kerberos authentication. ----------   So validate the values set for the property "authentication.kerberos.user.types", and ensure the "knox" user is present in the User type mentioned and create if unavailable. Once available and when you re-authenticate again, Ambari will be able to find the relevant user and it bypasses the default user name and password login facility and should be able to authenticate successfully. Let us know if this helps! Thanks, Prashanth Vishnu ... View more

@sandeepksaini Can you share a screenshot of the Add service wizard to highlight which option is currently greyed out? ... View more

Hi @sandeepksaini ,   Normally, any user having the Ambari Administrator role is allowed to add a service to the cluster. In your case, do you mean even after selecting the service you wanted to add in the Add service wizard, the "Next" button is disabled? Any errors in ambari-server.log? Also, could you try restarting your Ambari server to see if it helps? Thanks, Prashanth Vishnu ... View more