Good suggestion. HDFS fallback permission does create confusion for users, it is better to restrict it to certain folders
There is a still an issue of figuring our existing permissions for a given folder/file. We should include a separate JIRA to modify our reporting tool to give accurate picture on existing permissions for HDFS files/folders. In this case, Ranger should interpret both HDFS and Ranger permissions for folder where fallback is allowed. On Mon, Oct 12, 2015 at 3:14 PM, Don Bosco Durai (JIRA) <[email protected]> wrote: > Don Bosco Durai created RANGER-693: > -------------------------------------- > > Summary: HDFS folder permission exclusively managed my Ranger > Key: RANGER-693 > URL: https://issues.apache.org/jira/browse/RANGER-693 > Project: Ranger > Issue Type: Improvement > Affects Versions: 0.5.1 > Reporter: Don Bosco Durai > Fix For: 0.6.0 > > > In HDFS plugin, if there are no policies for the file/folder, then Ranger > falls backs to HDFS file/folder permission. > > While this is very convenient, but in some cases it is desirable that only > Ranger manages the policies. Good examples are folders like > /apps/hive/warehouse or some user folders where it is better that Ranger > manages the entire permission. > > One suggestion is to mark folders which will be managed by Ranger. For > these folders, ignore all permissions and ownership set at the HDFS > file/folder level. > > This will be a very useful feature for Ranger. > > > > > -- > This message was sent by Atlassian JIRA > (v6.3.4#6332) >
