Senthil, Is audit enabled for the Yarn Ranger policies you created, is there audit showing up for the operation you do. By default if Ranger cannot make decision on the authorization it falls back to Yarn ACL and that gives the permission. Please verify if audit is present and also YARN ACL is on.
Regards, Ramesh From: Senthil <senthi...@gmail.com<mailto:senthi...@gmail.com>> Reply-To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Tuesday, February 2, 2016 at 12:06 AM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Ranger + YARN Not working with HDP 2.3 I tried using Ranger with YARN without any success. I used HDP 2.3. After installing ranger, enabled it in HDFS and YARN. Using Ambari Yarn Queue Manager (Ambari View) created two additional queues namely miner and other. Using Ranger Policy UI, I gave permission to user david to submit job only in miner queue. However user david can post job in both miner and other queue. Below is the Scheduler config for YARN from Ambari dashboard. How do i configure ranger so that david can post jobs only in miner queue and not in anyother queue. Thanks for your help yarn.scheduler.capacity.maximum-am-resource-percent=0.2 yarn.scheduler.capacity.maximum-applications=10000 yarn.scheduler.capacity.node-locality-delay=40 yarn.scheduler.capacity.queue-mappings-override.enable=false yarn.scheduler.capacity.root.accessible-node-labels=* yarn.scheduler.capacity.root.acl_administer_queue=yarn yarn.scheduler.capacity.root.capacity=100 yarn.scheduler.capacity.root.default.acl_administer_queue=yarn yarn.scheduler.capacity.root.default.acl_submit_applications=yarn yarn.scheduler.capacity.root.default.capacity=20 yarn.scheduler.capacity.root.default.maximum-capacity=100 yarn.scheduler.capacity.root.default.state=RUNNING yarn.scheduler.capacity.root.default.user-limit-factor=1 yarn.scheduler.capacity.root.miner.acl_administer_queue=* yarn.scheduler.capacity.root.miner.acl_submit_applications=* yarn.scheduler.capacity.root.miner.capacity=40 yarn.scheduler.capacity.root.miner.maximum-capacity=53 yarn.scheduler.capacity.root.miner.minimum-user-limit-percent=100 yarn.scheduler.capacity.root.miner.ordering-policy=fifo yarn.scheduler.capacity.root.miner.state=RUNNING yarn.scheduler.capacity.root.miner.user-limit-factor=1 yarn.scheduler.capacity.root.other.acl_administer_queue=* yarn.scheduler.capacity.root.other.acl_submit_applications=* yarn.scheduler.capacity.root.other.capacity=40 yarn.scheduler.capacity.root.other.maximum-capacity=50 yarn.scheduler.capacity.root.other.minimum-user-limit-percent=100 yarn.scheduler.capacity.root.other.ordering-policy=fifo yarn.scheduler.capacity.root.other.state=RUNNING yarn.scheduler.capacity.root.other.user-limit-factor=1 yarn.scheduler.capacity.root.queues=default,miner,other - Senthil
