On Thu, 11 Apr 2024 at 16:43, Philippe de Rochambeau <phi...@free.fr> wrote: > > Hello, > > Let's say a user has the following rights on HDFS (which are constrained > Apache Ranger): > > /prd/a/b/c <- read right > /prd/a/b/d <- read/write right > > I would like to get a broad picture of his/her complete access rights. > > I could look at the general policies in Apache Ranger and try to figure out > which apply to my user, but that's complicated. > > I wonder if there is another way (which ideally could be automated with a > script) roughly: > > - impersonate the user as, say, admin, with kinit; e.g. kinit <user>
I don't think this is what is considered "impersonating" the user. If you authenticate with kinit <user> you are not impersonating that user, you ARE/BECOME that user. > - scan all HDFS directories and try to read or write > > Does anyone have suggestions? > > PS I've asked similar questions on the Apache Ranger mailing list, but with > no success. > > Many thanks. > > Philippe > > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
