Repository: incubator-hawq-docs Updated Branches: refs/heads/feature/ranger-integration b3511b36e -> 458524cc7
add warning to enable/disable Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/458524cc Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/458524cc Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/458524cc Branch: refs/heads/feature/ranger-integration Commit: 458524cc785c4668a90abdac3107f79b5966296c Parents: b3511b3 Author: Lisa Owen <lo...@pivotal.io> Authored: Sat Mar 25 16:55:13 2017 -0700 Committer: Lisa Owen <lo...@pivotal.io> Committed: Sat Mar 25 16:55:13 2017 -0700 ---------------------------------------------------------------------- markdown/ranger/ranger-integration-config.html.md.erb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/458524cc/markdown/ranger/ranger-integration-config.html.md.erb ---------------------------------------------------------------------- diff --git a/markdown/ranger/ranger-integration-config.html.md.erb b/markdown/ranger/ranger-integration-config.html.md.erb index 34e1536..2031fae 100644 --- a/markdown/ranger/ranger-integration-config.html.md.erb +++ b/markdown/ranger/ranger-integration-config.html.md.erb @@ -87,7 +87,11 @@ The following procedures describe each configuration activity. 7. To validate connectivity between Ranger and HAWQ, access the Ranger Admin UI in Ambari, click the edit icon associated with the `hawq` service definition. Ensure that the Active Status is set to Enabled, and click the **Test Connection** button. You should receive a message that Ranger connected succesfully. If it fails to connect, edit your HAWQ connectivity properties directly in the Ranger Admin UI and re-test the connection. -## <a id="enable"></a>Step 2: Configure HAWQ to Use Ranger Policy Management +## <a id="enable"></a>Step 2: Configure HAWQ to Use Ranger Policy Management + +The default Ranger service definition for HAWQ assigns the HAWQ user (typically `gpadmin`) all privileges to all objects. + +**Warning**: If you enable HAWQ-Ranger authorization with only the default HAWQ service policies defined, other HAWQ users will have no privileges, even for HAWQ objects (databases, tables) that they own. 1. Select the **HAWQ** Service, and then select the **Configs** tab. 2. Select the **Advanced** tab, and then expand **Custom hawq-site**.