Re: Deleting users

2015-04-29 Thread Don Bosco Durai
There is an API, but a few referential constraints need to be addressed. There
are a couple of JIRAs tracking it.

https://issues.apache.org/jira/browse/RANGER-205
https://issues.apache.org/jira/browse/RANGER-204

If it is a new install, then it is better to drop the database and recreate it.
Else, if it is in production, we could work on a temporary SQL script. Let
me know.

Thanks

Bosco


From:  Bradman, Dale
Reply-To:  "user@ranger.incubator.apache.org"

Date:  Wednesday, April 29, 2015 at 8:43 AM
To:  "user@ranger.incubator.apache.org" 
Subject:  Re: Deleting users

> Yes exactly. So obviously it's easy to create the internal user (via Ranger
> UI) but there is nowhere to actually delete them. Is this setup like this for
> a reason? 
> 
> Thanks
> 
> 
>  Original message 
> From: Don Bosco Durai 
> Date:29/04/2015 16:39 (GMT+00:00)
> To: user@ranger.incubator.apache.org
> Cc: 
> Subject: Re: Deleting users
> 
> Dale, do you want to delete some users which you created using the Ranger
> UI?
> 
> Thanks
> 
> Bosco
> 
> 
> On 4/29/15, 5:40 AM, "Bradman, Dale"  wrote:
> 
>> >Is it possible to delete internal users through Ranger?
>> >
>> >
>> >
>> >Capgemini is a trading name used by the Capgemini Group of companies
>> >which includes Capgemini UK plc, a company registered in England and
>> >Wales (number 943935) whose registered office is at No. 1, Forge End,
>> >Woking, Surrey, GU21 6DB.
>> >This message contains information that may be privileged or confidential
>> >and is the property of the Capgemini Group. It is intended only for the
>> >person to whom it is addressed. If you are not the intended recipient,
>> >you are not authorized to read, print, retain, copy, disseminate,
>> >distribute, or use this message or any part thereof. If you receive this
>> >message in error, please notify the sender immediately and delete all
>> >copies of this message.
>> >




Re: Deleting users

2015-04-29 Thread Bradman, Dale
Yes exactly. So obviously it's easy to create the internal user (via Ranger UI) 
but there is nowhere to actually delete them. Is this setup like this for a 
reason?

Thanks



 Original message 
From: Don Bosco Durai 
Date:29/04/2015 16:39 (GMT+00:00)
To: user@ranger.incubator.apache.org
Cc:
Subject: Re: Deleting users

Dale, do you want to delete some users which you created using the Ranger
UI?

Thanks

Bosco


On 4/29/15, 5:40 AM, "Bradman, Dale"  wrote:

>Is it possible to delete internal users through Ranger?







Re: Troubles with HDFS policies

2015-04-29 Thread Don Bosco Durai
Check hdfs dfs -ls $folderName. In the case of HDFS, if Ranger doesn't find
any permission in its policy database, then it falls back to the HDFS
permission check. So make sure that at the HDFS level you have 700 or even 000
for the given folder and manage all the permissions via Ranger. We recommend
picking all relevant folders (e.g. the Hive data warehouse folder) and doing
hdfs dfs -chown -R hdfs:hdfs $folderName and hdfs dfs -chmod -R 000 $folderName.

Please note, falling back to native permission is only available in HDFS.
There is a switch to turn it off, but you have to be cautious when using it.

Thanks

Bosco


From:  Chanel Loïc 
Reply-To:  "user@ranger.incubator.apache.org"

Date:  Wednesday, April 29, 2015 at 5:24 AM
To:  "user@ranger.incubator.apache.org" 
Subject:  Troubles with HDFS policies

> Hi All,
>  
> As I am trying to set a Hadoop secured cluster with Ranger, I encountered some
> troubles.
> The principal one consists in the fact that even if I have no rights to read,
> write or execute files in a directory, I still can execute a ls command (hdfs
> dfs -ls /testdir) showing me the files that I should not be able to read, or
> even see. I can even see the file contents by making a cat on these files
> (hdfs dfs -cat /testdir/testfile) that I should not be able to read, which is
> even more problematic to me.
> In parallel, I am not able to put any files in the directory (Permission
> denied for hdfs dfs -put myotherfile /testdir/myotherfile), which makes me
> think the policies are correctly set.
>
> Does that sound quite normal to you? Do you see a solution to make sure my
> user toto cannot see what is in the repository of my user tata?
> Thanks for your help,
>  
>  
> Loïc Chanel
> 
> 
> 
> This e-mail and the documents attached are confidential and intended solely
> for the addressee; it may also be privileged. If you receive this e-mail in
> error, please notify the sender immediately and destroy it. As its integrity
> cannot be secured on the Internet, the Worldline liability cannot be triggered
> for the message content. Although the sender endeavours to maintain a computer
> virus-free network, the sender does not warrant that this transmission is
> virus-free and will not be liable for any damages resulting from any virus
> transmitted.
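
Added example (not part of the original thread and not Ranger's own code): a simplified Python model of the decision order described in the reply above, showing why toto could list and read /testdir but not write to it, and what changes after the recommended chown/chmod. The policy layout, the 755 starting mode, the group name and the `fallback` parameter are assumptions made for illustration.

```python
# Simplified model (an assumption, not Ranger's code) of the order described
# in the reply: Ranger policy first, native HDFS mode bits as the fallback.
from dataclasses import dataclass

@dataclass
class Inode:
    owner: str
    group: str
    mode: int  # octal mode bits, e.g. 0o755

BIT = {"read": 4, "write": 2, "execute": 1}

def native_allows(inode, user, groups, access):
    """POSIX-style check: owner class first, then group, then other."""
    if user == inode.owner:
        shift = 6
    elif inode.group in groups:
        shift = 3
    else:
        shift = 0
    return bool((inode.mode >> shift) & BIT[access])

def authorize(policies, inode, path, user, groups, access, fallback=True):
    """Return (allowed, decided_by). `fallback` is a hypothetical stand-in
    for the switch the reply mentions; its real name is not on the page."""
    for p in policies:
        covers = path == p["path"] or path.startswith(p["path"] + "/")
        if covers and user in p["users"] and access in p["accesses"]:
            return True, "ranger"
    if fallback:
        return native_allows(inode, user, groups, access), "hdfs"
    return False, "ranger"

# Constructed scenario from the thread: only tata has a Ranger policy.
POLICIES = [{"path": "/testdir", "users": {"tata"},
             "accesses": {"read", "write", "execute"}}]
BEFORE = Inode("tata", "hadoop", 0o755)  # assumed starting mode
AFTER = Inode("hdfs", "hdfs", 0o000)     # after chown hdfs:hdfs, chmod 000

def demo():
    rows = []
    for label, inode in (("before", BEFORE), ("after", AFTER)):
        for user in ("toto", "tata"):
            for access in ("read", "write"):
                ok, by = authorize(POLICIES, inode, "/testdir", user, set(), access)
                rows.append((label, user, access, ok, by))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```

With mode 755, toto's read is granted by the HDFS fallback while the write is denied, which matches the symptoms in the question; with 000 and owner hdfs, only the Ranger policy for tata grants anything.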




Re: Deleting users

2015-04-29 Thread Don Bosco Durai
Dale, do you want to delete some users which you created using the Ranger
UI?

Thanks

Bosco


On 4/29/15, 5:40 AM, "Bradman, Dale"  wrote:

>Is it possible to delete internal users through Ranger?




Deleting users

2015-04-29 Thread Bradman, Dale
Is it possible to delete internal users through Ranger?






Troubles with HDFS policies

2015-04-29 Thread Chanel Loïc
Hi All,

As I am trying to set a Hadoop secured cluster with Ranger, I encountered some 
troubles.
The principal one consists in the fact that even if I have no rights to read, 
write or execute files in a directory, I still can execute a ls command (hdfs 
dfs -ls /testdir) showing me the files that I should not be able to read, or 
even see. I can even see the file contents by making a cat on these files (hdfs 
dfs -cat /testdir/testfile) that I should not be able to read, which is even 
more problematic to me.
In parallel, I am not able to put any files in the directory (Permission denied 
for hdfs dfs -put myotherfile /testdir/myotherfile), which makes me think the 
policies are correctly set.

Does that sound quite normal to you? Do you see a solution to make sure my
user toto cannot see what is in the repository of my user tata?
Thanks for your help,


Loïc Chanel


