I’m fairly certain that authToLocal is configured properly. Issuing the command:
$ hdfs groups user1 Returns: user1: user1 group1 On 5 May 2015, at 18:34, Don Bosco Durai <[email protected]<mailto:[email protected]>> wrote: Dale, have you configured authToLocal properly in Hadoop? Can you try this? $ hdfs groups user1 Thanks Bosco From: <Bradman>, Dale <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Tuesday, May 5, 2015 at 5:57 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Cannot define HBase policy by groups Hello, I am struggling to create policies on HBase defined by a group. Here is what I have done: 1. I create a UNIX user “user1” and add this user to the group “group1”. 2. Ranger UI syncs with UNIX and shows “user1” as an external user belonging to the group “group1”. Also, “group1” is automatically created as a new internal group in the groups section. 3. I create a HBase policy in RangerUI granting “user1” READ permissions on all HBase tables. As expected, “user1” is able to read the tables. 4. I then edit the same policy by also granting “group1” READ permissions on all HBase tables. As expected, “user1” is able to read the tables. 5. I then edit the same policy by removing “user1” entirely thus leaving only “group1” with READ permissions. Now, “user1” is unable to read the tables despite being a member of “group1” So essentially, what I want to be able to do is assign multiple users to “group1” and grant “group1” read access on tables. Can anyone clarify if this is a bug or if I am doing something incorrectly? Thanks, Dale ________________________________ Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1, Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. ________________________________ Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1, Forge End, Woking, Surrey, GU21 6DB.
