Dale, can you send across screenshot of the policy as well as what audit is showing for this transaction ?
> On May 6, 2015, at 5:51 AM, Bradman, Dale <[email protected]> wrote: > > I’m fairly certain that authToLocal is configured properly. Issuing the > command: > > $ hdfs groups user1 > > Returns: > > user1: user1 group1 > > >> On 5 May 2015, at 18:34, Don Bosco Durai <[email protected]> wrote: >> >> Dale, have you configured authToLocal properly in Hadoop? >> >> Can you try this? >> >> $ hdfs groups user1 >> >> Thanks >> >> Bosco >> >> >> From: <Bradman>, Dale <[email protected]> >> Reply-To: "[email protected]" >> <[email protected]> >> Date: Tuesday, May 5, 2015 at 5:57 AM >> To: "[email protected]" <[email protected]> >> Subject: Cannot define HBase policy by groups >> >>> Hello, >>> >>> I am struggling to create policies on HBase defined by a group. Here is >>> what I have done: >>> >>> 1. I create a UNIX user “user1” and add this user to the group “group1”. >>> 2. Ranger UI syncs with UNIX and shows “user1” as an external user >>> belonging to the group “group1”. Also, “group1” is automatically created as >>> a new internal group in the groups section. >>> 3. I create a HBase policy in RangerUI granting “user1” READ permissions on >>> all HBase tables. As expected, “user1” is able to read the tables. >>> 4. I then edit the same policy by also granting “group1” READ permissions >>> on all HBase tables. As expected, “user1” is able to read the tables. >>> 5. I then edit the same policy by removing “user1” entirely thus leaving >>> only “group1” with READ permissions. Now, “user1” is unable to read the >>> tables despite being a member of “group1” >>> >>> So essentially, what I want to be able to do is assign multiple users to >>> “group1” and grant “group1” read access on tables. >>> >>> Can anyone clarify if this is a bug or if I am doing something incorrectly? >>> >>> Thanks, >>> Dale >>> >>> >>> Capgemini is a trading name used by the Capgemini Group of companies which >>> includes Capgemini UK plc, a company registered in England and Wales >>> (number 943935) whose registered office is at No. 1, Forge End, Woking, >>> Surrey, GU21 6DB. >>> This message contains information that may be privileged or confidential >>> and is the property of the Capgemini Group. It is intended only for the >>> person to whom it is addressed. If you are not the intended recipient, you >>> are not authorized to read, print, retain, copy, disseminate, distribute, >>> or use this message or any part thereof. If you receive this message in >>> error, please notify the sender immediately and delete all copies of this >>> message. > > > > Capgemini is a trading name used by the Capgemini Group of companies which > includes Capgemini UK plc, a company registered in England and Wales (number > 943935) whose registered office is at No. 1, Forge End, Woking, Surrey, GU21 > 6DB.
