Is it a problem if I deny ranger user itself from accessing resources via ranger policies? Trying to set a policy so that only a certain user user1 can access an HDFS resource, found that setting an allow condition was meaningless unless had also set a deny public condition for the policy. However, after doing this, found that the ranger user was actually trying to access this location (and getting denied because of the deny public condition): [image: enter image description here] <https://i.stack.imgur.com/FuAqh.png>So my questions are:
1. Should I add an exclude-from-deny condition to the policy? Ie. is it a big deal that ranger gets denied? How could I tell? 2. What is ranger doing here (all the audit tells me is that it was trying to access that path for *something*)? 3. Is there a better way to allow hadoop service users that need to access all parts of the cluster (given that I can't anticipate which they are (perhaps there is HDP documentation out there detailing this))? -- This electronic message is intended only for the named recipient, and may contain information that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message. Thank you.
