Re: [ANNOUNCE] New committer: Colm O hEigeartaigh

2016-04-19 Thread Balaji Ganesan
Colm, great to have you onboard as a committer. On Tue, Apr 19, 2016 at 6:29 AM, Madhan Neethiraj wrote: > Ranger community, > > Apache Ranger (incubating) Podling Project Management Committee (PPMC) has > asked Colm O hEigeartaigh to become a committer and we are pleased to > announce that has

Re: Securing Hive inserts

2016-04-14 Thread Balaji Ganesan
Can you provide the full query you are running? What is this table " values__tmp__table__3" ? On Thu, Apr 14, 2016 at 4:09 PM, Colm O hEigeartaigh wrote: > Hi all, > > I have a policy that grants permissions Select + Update to all columns in > a table called "words" in a given database. However,

Re: A question relative to the ranger database

2016-01-12 Thread Balaji Ganesan
Audit data would have more bearing on the disk space than policy data stored in DB. You would need to make sure you can purge audit after regular intervals. Alternative is to use Solr and HDFS to store audit, Ranger UI can query from Solr. On Tue, Jan 12, 2016 at 11:45 AM, Madhan Neethiraj wrote:

Re: AD usersync - delete synced user after removed from AD

2016-01-07 Thread Balaji Ganesan
We should include the ability to delete users/groups through the Ranger UI. On Thu, Jan 7, 2016 at 1:07 PM, Don Bosco Durai wrote: > Marcus > > Deleting is a tricky thing. Since we can’t listen to AD delete events, the > only way to implement is during synchronous, if the user is not retrieved,

Fwd: Invitation: Apache Eagle: Secure Your Hadoop Data

2015-11-20 Thread Balaji Ganesan
FYI. For those interested in learning about Apache Eagle (incubating), please do attend this meetup in the Bay Area next week. -- Forwarded message -- From: Big Data Security and Data Governance Meetup Date: Fri, Nov 20, 2015 at 1:25 PM Subject: Invitation: Apache Eagle: Secure Yo

Re: Ranger 0.5 Source location

2015-11-17 Thread Balaji Ganesan
I think a dot release makes sense, +1 to your suggestion Bosco. @hanish, can you help us with any document fixes? I think the community can benefit from your inputs. @dilli, thanks for pointing to the email discussion thread. On Tue, Nov 17, 2015 at 3:34 PM, Don Bosco Durai wrote: > @Hanish, t

Re: [RANGER-274] tag-based policies feature implementation merged in master

2015-10-28 Thread Balaji Ganesan
Madhan, congratulations to you for leading the effort on building the important functionality. Thank you! On Wed, Oct 28, 2015 at 2:51 PM, Madhan Neethiraj < mneethi...@hortonworks.com> wrote: > All, > > Tag-based policies feature implementation is now merged in Apache Ranger > master branch (from

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

2015-10-21 Thread Balaji Ganesan
project for CFO and > hence needs access to the budget data.* > > > Unless I am missing something, this use case is trivial. Won’t the > following two policies do? > >- Policy1 > - Allow: Finance >- Policy 2: > - Allow: Scott > >

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

2015-10-21 Thread Balaji Ganesan
nks > - Alok > > From: Don Bosco Durai > Reply-To: "user@ranger.incubator.apache.org" < > user@ranger.incubator.apache.org> > Date: Friday, October 16, 2015 at 2:10 PM > To: "user@ranger.incubator.apache.org" > > Subject: Re: [DISCUSS] Policy mod

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

2015-10-16 Thread Balaji Ganesan
users won’t know this feature exists. I would put a > band at the both of the policy edit page and put a link with “Deny feature > is disabled. Click here to enable it”. > > Thanks > > Bosco > > > From: Balaji Ganesan > Reply-To: > Date: Thursday, October 15, 20

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

2015-10-15 Thread Balaji Ganesan
nance/invoice*/*” while determining access for a file named >> “/finance/invoice2015/vendor1.txt”? >> >> I think this approach would make the policy authoring very difficult and >> confusing, in addition to being not able to support certain scenarios like >> “deny at a highe

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

2015-10-15 Thread Balaji Ganesan
), even if access might be > allowed at a lower level (for a table/column)”, “allow at a higher level, > but deny at a lower level). The current implementation (in tag-policy > branch of Ranger) is much less confusing and offers building blocks that > can be used to support more usecases and

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

2015-10-14 Thread Balaji Ganesan
nied. > > Users who are not comfortable with the idea of “excludes” can continue to > use only allow and deny in the policies. Users who are comfortable with > “excludes” can choose to use it to simplify their policy management. > > Thanks, > Madhan > > From: Balaji Ganesan

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

2015-10-13 Thread Balaji Ganesan
or group) or an employee joining/leaving the org, all > security policies have to be reviewed and updated.. Many ACLs support both > users and groups to alleviate this issue. > > > From: Balaji Ganesan > Reply-To: "user@ranger.incubator.apache.org" > Date: Tuesday

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

2015-10-13 Thread Balaji Ganesan
Madhan, Fantastic job in putting together in the wiki. Thank you. We clearly need to showcase use cases for deny exclude and allow exclude. In my opinion it is very confusing to user to construct such a policy <> In the wiki, we have created a "deny" policy for intern group and an exception for

Re: Bossie Awards 2015 - Apache Ranger one of the best open source big data tools...

2015-10-13 Thread Balaji Ganesan
Great achievement. Kudos to the Ranger community!! On Mon, Oct 12, 2015 at 9:45 PM, Don Bosco Durai wrote: > Updated subject :-) > > > > > On 10/12/15, 9:44 PM, "Don Bosco Durai" wrote: > > >Just found out that InfoWorld selected Apache Ranger as one of the best > open source big data tools by

Re: HBase group authroizations

2015-08-25 Thread Balaji Ganesan
<> What do you mean by groups are not defined precisely? Can you please elaborate? On Mon, Aug 24, 2015 at 8:46 AM, Loïc Chanel wrote: > Actually my problem went from the fact that the user identity is asserted > on the region server you are working on, and groups are not defined very > precise

Re: DISCUSS: Ranger-274 - Support for tag based policies

2015-08-12 Thread Balaji Ganesan
Resending my previous email. On Wed, Aug 12, 2015 at 7:41 AM, Balaji Ganesan wrote: > My responses inline > > On Tue, Aug 11, 2015 at 1:14 PM, Alok Lal wrote: > >> Please ignore the previous mail as its format got messed up making it >> hard for others to read (hopef

Re: DISCUSS: Ranger-274 - Support for tag based policies

2015-08-11 Thread Balaji Ganesan
n Bosco Durai" >of bo...@apache.org> wrote: > > > >>Added user mailing list. So others can also provide feedback. > >> > >>Thanks > >> > >>Bosco > >> > >>On 8/11/15, 1:05 AM, "Balaji Ganesan" > wrote: > >> > >>>I have added my initial thoughts here. > >>> > >>>https://cwiki.apache.org/confluence/display/RANGER/Tag+based+policy+requirements > >> > >> > >> > > >

Re: Use case for apache ranger and knox

2015-08-10 Thread Balaji Ganesan
Hafiz, you can find more information on Knox supported services here https://knox.apache.org/books/knox-0-6-0/user-guide.html#Service+Details @Alok, the Brussels Hadoop summit presentation is here

Re: Resource path wildcards

2015-08-10 Thread Balaji Ganesan
Not sure if the community has tested all possible combinations of regex in a path. Did you get a chance to test this in your environment? If it is not working, you should file a JIRA On Mon, Aug 10, 2015 at 9:27 AM, Bradman, Dale wrote: > Hi, > > To what extent should wild cards work for the res

Re: Missing documentation

2015-07-29 Thread Balaji Ganesan
< > vperias...@hortonworks.com > >> on > >> >behalf of v...@apache.org> wrote: > >> > > >> >>Abhay, > >> >> > >> >>I believe documentation on plugin model is added. > >> >> > >> > >>

Re: Rearranging Ranger Wiki pages ...

2015-07-29 Thread Balaji Ganesan
We need to have a strategy for > distributing the content and also making both the sites and easy to go > back and forth. > > Thanks > > Bosco > > > On 7/29/15, 9:27 AM, "Balaji Ganesan" wrote: > > >I think the Index page should be generic and not be tied to the

Re: Rearranging Ranger Wiki pages ...

2015-07-29 Thread Balaji Ganesan
I think the Index page should be generic and not be tied to the release. I am looking at https://cwiki.apache.org/confluence/display/Hive/Home or http://wiki.apache.org/hadoop/ for what some of top projects include in their wiki. The index page is probably the first page user would land and would

Re: Apache Ranger with CDH 5.4

2015-07-29 Thread Balaji Ganesan
There is a similar thread going in the user group started by Aneela Saleem, you can follow some of the instructions in the thread. Also, can you ensure the repository name you created in Ranger admin is the same one being configured for Ranger plugin? On Wed, Jul 29, 2015 at 8:27 AM, Sriharish Ko

Re: Unable to start HBase

2015-07-27 Thread Balaji Ganesan
Was the upgrade performed through Ambari? If yes, then it might be an issue with Ambari. Ambari should preserve the configuration value (in this case Ranger enabled for Hbase) while doing the upgrade. On Mon, Jul 27, 2015 at 11:41 AM, Bradman, Dale wrote: > It was installed using Ambari 2.0 an

Re: XA secure v/s Ranger

2015-07-08 Thread Balaji Ganesan
XA Secure technology is the base for Ranger. Obviously the community has worked together to enhance and add in a lot of features. Not sure if it is an apples to apples comparison. On Wed, Jul 8, 2015 at 9:29 AM, Trainee Bingo wrote: > Is there any technical changes or difference? > On 8 Jul 2015 1

Re: Chaining 2 Ranger Plugins for Hive

2015-06-08 Thread Balaji Ganesan
To add to Bosco's point, you may want to refer to this JIRA https://issues.apache.org/jira/browse/RANGER-256 Ranger plugin has context enricher class which can be modified to add in custom REST service lookup as part of the authorization. https://github.com/apache/incubator-ranger/blob/master/sec

Re: hdfs user can bypass policy in ranger

2015-06-07 Thread Balaji Ganesan
the > encryption system and this activity is never logged in Ranger. > > Can we enable auditing for superusers? > > Thanks in advance! > > > On Thu, Jun 4, 2015 at 12:28 PM, Balaji Ganesan < > balaji.ganesa...@gmail.com> wrote: > >> Yes, best way to protect

Re: hdfs user can bypass policy in ranger

2015-06-04 Thread Balaji Ganesan
Yes, best way to protect sensitive data from admins would be to use encryption. For access control, HDFS does not call Ranger authorizer for superuser operations. Consequently, there is no access control enforced by Ranger nor is there Ranger audit. On Thu, Jun 4, 2015 at 6:17 AM, Suraj Nayak wro

Re: Cannot define HBase policy by groups

2015-05-11 Thread Balaji Ganesan
> On 7 May 2015, at 16:56, Balaji Ganesan > wrote: > > Can you run this command in all the nodes and let me know if it is > giving the same result? > > $ hdfs groups user1 > > On Thu, May 7, 2015 at 3:14 AM, Bradman, Dale > wrote: > >> Having the Ranger Po

Re: HBase policy problem at multiple-RegionServer

2015-05-08 Thread Balaji Ganesan
Did you enable Ranger HBase plugin in every region server? On Thu, May 7, 2015 at 7:46 PM, 林家銘 wrote: > Hi > > I am trying the HBase ACL with Ranger. But I found a problem when I > have multiple RegionServers. > > In my case, > > Ranger-HBase-Plugin is at HMaster > table1 is at RegionServer1 >

Re: Cannot define HBase policy by groups

2015-05-06 Thread Balaji Ganesan
Dale, can you send across screenshot of the policy as well as what audit is showing for this transaction? > On May 6, 2015, at 5:51 AM, Bradman, Dale wrote: > > I’m fairly certain that authToLocal is configured properly. Issuing the > command: > > $ hdfs groups user1 > > Returns: > > user

Re: Falcon support in Ranger

2015-04-14 Thread Balaji Ganesan
You should contact Hortonworks if you are interested in their roadmap. This user group is focused on Ranger and Ranger roadmap. I have not seen any Falcon related integration coming in this community, best would be for you to file a JIRA if you think it adds value. On Tue, Apr 14, 2015 at 11:25

Re: Query Nested or Array JSON

2015-04-01 Thread Balaji Ganesan
Wrong email group? Can you ask this question in Apache Drill user email list? On Wed, Apr 1, 2015 at 10:11 PM, Muthu Pandi wrote: > Hi All > > > Am new to the JSON format and exploring the same. I had used > Drill to analyse simple JSON files which work like a charm, but am not able >

Re: Hive admin user behavior

2015-04-01 Thread Balaji Ganesan
If the hive.server2.enable.doAs parameter is set to false, then the underlying jobs in HDFS are run as "hive" user. This is a better security model as the underlying HDFS file permissions can be set to be owned only by "hive" user and end user would not be able to access files directly without goin

Re: Error from "Test Connection" setting up ranger-knox-plugin in policy manager

2015-03-31 Thread Balaji Ganesan
We should look into that. Can you create a JIRA on this? Note that repository connection for resource name look up from the policy manager. You can still save the repository and start creating policies. On Tue, Mar 31, 2015 at 11:18 AM, Rich Haase wrote: > Could someone please explain to me th

Re: Create Repository test connection failing with HA service name, but succesfull with current active node

2015-02-11 Thread Balaji Ganesan
For any Hortonworks related queries, please contact forums or your contact within Hortonworks. This Apache Ranger forum is focused only on releases and fixes in Apache. Happy to help you with any questions related to Ranger work in the community. On Tue, Feb 10, 2015 at 9:25 PM, Sreeni wrote: >

Re: Issue with HDFS plugin

2015-02-09 Thread Balaji Ganesan
Julien, you should refer to HDP documentation when installing Ranger on HDP. Hortonworks provides HDP build in a different way, you can ask questions related to that in Hortonworks forums or through their support channel. On Mon, Feb 9, 2015 at 6:14 AM, Julien Carme wrote: > Thanks a lot for you

Re: Ranger with Ambari

2015-02-03 Thread Balaji Ganesan
Ambari and Ranger team are working on making this integration. It is available from Ambari 2.0.0 https://issues.apache.org/jira/browse/AMBARI-8949 On Tue, Feb 3, 2015 at 4:27 AM, Amith sha wrote: > As i tried out it is not possible to manage the Ranger in Ambari. > Hortonworks Supporting Ranger

Re: Wiki Documentation of Update policy

2015-01-29 Thread Balaji Ganesan
Pvt. Ltd. > -- > *From:* Balaji Ganesan > *Sent:* Thursday, January 29, 2015 7:24 AM > *To:* user@ranger.incubator.apache.org > *Subject:* Re: Wiki Documentation of Update policy > > Hanish, can you open a JIRA on this? I can give you permi

Re: Wiki Documentation of Update policy

2015-01-28 Thread Balaji Ganesan
Hanish, can you open a JIRA on this? I can give you permission to edit the Wiki page. From: Hanish Bansal <hanish.ban...@impetus.co.in> Reply-To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org> Date: Wednesday, Janua

Re: Hive permission denied issue

2015-01-16 Thread Balaji Ganesan
Mahesh, can you give some more details on your scenario? * Are you using Hive client or Hiveserver2? * Can you provide the values in hive-site.xml and hiveserver2-site.xml in the /etc/hive/conf directory? From: Mahesh Sankaran <sankarmahes...@gmail.com> Reply-To: "user@ranger.in