@pazufst                                                                  How Ranger policies work for HDFS Apache Ranger offers a federated authorization model for HDFS. Ranger plugin for HDFS checks for Ranger policies and if a policy exists, access is granted to user. If a policy doesn’t exist in Ranger, then Ranger would default to the native permissions model in HDFS (POSIX or HDFS ACL). This federated model is applicable for HDFS and Yarn service in Ranger. For other services such as Hive or HBase, Ranger operates as the sole authorizer which means only Ranger policies are in effect. The option for the fallback model is configured using a property in Ambari → Ranger → HDFS config → Advanced ranger-hdfs-security   xasecure.add-hadoop-authorization=true   The federated authorization model enables to safely implement Ranger in an existing cluster without affecting jobs that rely on POSIX permissions to enable this option as the default model for all deployments. org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): Permission denied: user=XXXXX, access=READ, inode="/user/.snapshot/user_201806150000":w93651:hdfs:drwx------ Is self-explanatory does the user w93651 exist on both clusters with valid Kerberos tickets if the cluster is kerberized? Ensure the CROSS-REALM is configured and working.   Is your ranger managing the 2 clusters? HTH ... View more

Thanks for prompt response and testing. This worked for me too previously. ... View more

@ARVINDR : Thanks for the info on that cluster creation part. Did you try to check the ACL. ... View more

@ Govins28   Its a test cluster ... View more

@Mondi : Yes it refers to meta data and the point in which the snapshot is done. You can revert or restore the data from the snapshot at any point in time.  https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsSnapshots.html   ... View more

@bhara : Thanks for the reply. I am glad you have figured that out. ... View more