Re: doAs() with Ranger HBase plugin

2015-12-17 Thread Madhan Neethiraj
Chris, >> When we run the application any user supplied in the doAsUser will >> successfully write to HBase even if no policy is defined in Ranger for that >> user. When I look in the audit logs it is the application service user that >> is being recorded as making the writes. Details in audit

Re: HDFS-plugin does nothing

2015-12-17 Thread Margus Roo
Thanks. Can you point out configuration or documentation where this is more detailed described? Br Margus (margusja) Roo http://margus.roo.ee skype: margusja +372 51 48 780 On 17/12/15 21:33, Don Bosco Durai wrote: Also, don’t forget to change your umask to 077 or 007. This email thread as l

Re: HDFS-plugin does nothing

2015-12-17 Thread Don Bosco Durai
Also, don’t forget to change your umask to 077 or 007. This email thread has a lot of context: https://www.mail-archive.com/user@ranger.incubator.apache.org/msg00719.html Bosco From: Margus Roo Reply-To: Date: Thursday, December 17, 2015 at 5:12 AM To: Subject: Re: HDFS-plugin does nothin

Re: doAs() with Ranger HBase plugin

2015-12-17 Thread Don Bosco Durai
Chris, Ranger plugin uses the same user/group made available by the component. So in your case, Hbase is getting the service user, which I assume is your “springboot” app user. You might want to do a couple of things: Check Hbase logs to see if there are any errors (like impersonation not allowed

Re: Queries on the developement for a new custom plugin

2015-12-17 Thread Madhan Neethiraj
Aruna, >> However, the policyId still shows blank. Is this the right behavior? Ranger populates policyId field in audit log only when that policy makes the authorization decision – either allow or deny. In this particular case, no policy explicitly allowed or denied the access. The end result i

doAs() with Ranger HBase plugin

2015-12-17 Thread Chris Gent
Hi, For a client we're building a system that calls the HBase Java API from within our own springboot app. The goal is to be able to audit and authorize data access to the various user requests being made against HBase (possibly down to column family level) using Ranger. The solution is based on

Re: HDFS-plugin does nothing

2015-12-17 Thread Margus Roo
Tnx - clear Margus (margusja) Roo http://margus.roo.ee skype: margusja +372 51 48 780 On 17/12/15 15:07, Selvamohan Neethiraj wrote: Please do NOT change permission to 000 for all files. You should do it only to your own application folders and/or well-known folders. Thanks, Selva- On Dec 1

Re: HDFS-plugin does nothing

2015-12-17 Thread Selvamohan Neethiraj
Please do NOT change permission to 000 for all files. You should do it only to your own application folders and/or well-known folders. Thanks, Selva- On Dec 17, 2015, at 7:56 AM, Margus Roo <mar...@roo.ee> wrote: Found solution. Basically helped hdfs dfs -chmod -R 000 /user/margusja an

Re: HDFS-plugin does nothing

2015-12-17 Thread Margus Roo
Found solution. Basically helped hdfs dfs -chmod -R 000 /user/margusja and now Ranger took over. So how to disable Hadoop HDFS built in authorization? Or I have to chmod -R 000 / ? Margus (margusja) Roo http://margus.roo.ee skype: margusja +372 51 48 780 On 17/12/15 14:30, Margus Roo wrote: H

Re: HDFS-plugin does nothing

2015-12-17 Thread Margus Roo
This is my policy cache { "serviceName": "Arendus_hadoop", "serviceId": 5, "policyVersion": 11, "policyUpdateTime": "20151217-12:39:59.171-+0200", "policies": [ { "service": "Arendus_ha

Re: HDFS-plugin does nothing

2015-12-17 Thread Margus Roo
Hi thanks for answer. At the moment margusja is in group margusja [margusja@hadoopnn2 ~]$ id margusja uid=1016(margusja) gid=1016(margusja) groups=1016(margusja) Margus (margusja) Roo http://margus.roo.ee skype: margusja +372 51 48 780 On 17/12/15 14:25, lukas nalezenec wrote: Hi, I solved th

Re: HDFS-plugin does nothing

2015-12-17 Thread lukas nalezenec
Hi, I solved this problem last week. I am also using SIMPLE auth. If you are solving the same problem then after removing user margusja from group hdfs it should work. Lukas 2015-12-17 13:20 GMT+01:00 Margus Roo : > Hi > > I am new Ranger user and perhaps I did something wrong. > > Installed Ran

HDFS-plugin does nothing

2015-12-17 Thread Margus Roo
Hi I am new Ranger user and perhaps I did something wrong. Installed Ranger via Ambari. I can log into Ranger UI and all Unix local users are synced and there is configuration under HDFS resource and test connection gives OK. I can see loads of hdfs@... records with 200 under audit plugins ta

Re: HBase test cases

2015-12-17 Thread Aneela Saleem
Hi Lune! Exclude from Allow condition is mentioned to disallow mike to write in a column. This means all users of group datascientist and user roger have all permissions but user mike is now allowed to write. For further details read from here