Re: Unable to connect to S3 after enabling Ranger with Hive

2017-01-05 Thread Selvamohan Neethiraj
---+--+ | hive.security.authorization.sqlstd.confwhitelist.append=|fs\.s3a\..*|fs\.s3n\..* | | +----+--+ Thanks Selva for the quick help. On Mon, Dec 19, 2016 at 5:29 PM, Selvamohan Neethiraj wrote: Hi, Can you try appending the following s

Re: Ranger database setup in AWS Aurora database.

2017-01-05 Thread Selvamohan Neethiraj
I believe, the admin user used here 'dbm'@‘%’ did not have permission ‘WITH GRANT OPTION’ … So, the admin user will be able to do everything except he/she will not be able to GRANT permission to other users. Let me know if this is not the actual issue here in AWS Aurora db …. Thanks, Selva F

Re: Unable to connect to S3 after enabling Ranger with Hive

2017-01-05 Thread Selvamohan Neethiraj
-+--+ |set | ++--+ | hive.security.authorization.sqlstd.confwhitelist.append=|fs\.s3a\..*|fs\.s3n\..* | | ++--+ Thanks Selva for the quick help. On Mon, Dec 19, 2016 at 5:29 PM, Selvamohan Neethiraj

Re: Unable to connect to S3 after enabling Ranger with Hive

2016-12-19 Thread Selvamohan Neethiraj
n, Dec 19, 2016 at 3:12 PM, Selvamohan Neethiraj wrote: Hi, Can you also post here the value for the following two parameters: hive.security.authorization.sqlstd.confwhitelist hive.security.authorization.sqlstd.confwhitelist.append Thanks, Selva- From: Anandha L Ranga

Re: Unable to connect to S3 after enabling Ranger with Hive

2016-12-19 Thread Selvamohan Neethiraj
are allowed to be modified at runtime (state=42000,code=1) On Mon, Dec 19, 2016 at 2:47 PM, Selvamohan Neethiraj wrote: Hi, Which version of Hive and Ranger are you using ? Can you check if Ranger has added hiveserver2 parameters hive.conf.restricted.list,hive.security.command.whitelist in

Re: Unable to connect to S3 after enabling Ranger with Hive

2016-12-19 Thread Selvamohan Neethiraj
Hi, Which version of Hive and Ranger are you using ? Can you check if Ranger has added hiveserver2 parameters hive.conf.restricted.list,hive.security.command.whitelist in the hive configuration file(s) ? Can you please list out these parameter values here ? Thanks, Selva- From: Anandha L

Re: Hive Plugin - Unable to execute SQL [show databases like "*"

2016-06-15 Thread Selvamohan Neethiraj
Hi Dale, Do you have any ranger policy granting permission for any database/table/column objects for dale ? You need some permission on database to be able to list the database using ‘SHOW DATABASES’ command. Please add a policy to grant permission to VIEW some table in the default database a

Re: Informationn about properties of Ranger

2016-04-20 Thread Selvamohan Neethiraj
Hi Dilli, As you are one of the persons worked on the usersync module in ranger, you might already know this. The service running within the usersync provides UNIX password based authentication for RANGER-ADMIN UI (using a JAAS via SSL based connection to this service from Ranger Admin UI). Th

Re: Securing Hive inserts

2016-04-15 Thread Selvamohan Neethiraj
Thanks Colm. I also verified that the issue exists. This may be a due to the way Hive is handling access verification for temporary tables. I will some more digging to find the right solution for this … In the meanwhile, can you please open a RANGER bug to identify/fix this issue? Thanks, Selva

Proposal to support SOLR for short-term audit - remove support for database audit in the upcoming release ...

2016-01-29 Thread Selvamohan Neethiraj
As the size of audits are keep increasing, number of users are facing issues related to space and/or truncation of audit logs in the database. In the last ranger release, Apache SOLR is set as the default choice for short-term audit, which provides data for reports in the ranger-admin UI and t

Re: HDFS-plugin does nothing

2015-12-17 Thread Selvamohan Neethiraj
Please do NOT change permission to 000 for all files. You should do it only to your own application folders and/or well-known folders. Thanks, Selva- On Dec 17, 2015, at 7:56 AM, Margus Roo mailto:mar...@roo.ee>> wrote: Found solution. Basically helped hdfs dfs -chmod -R 000 /user/margusja an

Re: Ranger 0.5 Source location

2015-11-20 Thread Selvamohan Neethiraj
Hanish: The ranger-0.5.0 release information is available in the mail thread (Voting Thread Link): URL to get the release tag (ranger-0.5.0-rc3): https://git-wip-us.apach

Re: Issue while enabling hbase plugin

2015-10-11 Thread Selvamohan Neethiraj
Can you try setting up hbase.superuser param in the hbase-site.xml to root and retry the hbase startup ? Thanks, Selva- Sent from Outlook On Sun, Oct 11, 2015 at 1:23 PM -0700, "Aneela Saleem" mailto:ane...@platalytics.com>> wrote: Hi! Issue is not solved by adding pe

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-06 Thread Selvamohan Neethiraj
F96D188537740 F30621A58484E8BF6E03 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1444161895 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- DONE On Mon, Oct 5, 2015 at 10:22 PM, Selvamohan

Re: Issues with usersync (LDAPS certificate not validated)

2015-10-05 Thread Selvamohan Neethiraj
Aneela: To verify the certificate (chain), can you run the following command and send us the output of the command ? $ openssl s_client -showcerts -connect platalytics.com:636 < /dev/null Thanks, Selva- From: Aneela Saleem mailto:ane...@platalytics.com>> Reply

Re: XA secure v/s Ranger

2015-07-08 Thread Selvamohan Neethiraj
XASecure was name of the Hadoop Security product before it got officially named in Apache as Ranger. In other words, XASecure is a pre-apache version of the ³Apache Ranger". Thanks, Selva- From: Trainee Bingo Reply-To: "user@ranger.incubator.apache.org" Date: Wednesday, July 8, 2015 at 8:40

Re: Ranger Policies are overridden by HDFS ACL's

2015-06-30 Thread Selvamohan Neethiraj
Hi: In XASecure, the XA authorizer is designed to delegate the authorization to default HDFS authorization if XASecure policies are not granting access. The fall back to default HDFS authorization can be stopped by changing a XA configuration; However, our recommendation is not to change the speci

Re: Plan to support hive 1.0.0

2015-04-07 Thread Selvamohan Neethiraj
As we are working towards supporting the latest version of (stable) component release, we will be supporting 1.+ hive version on the upcoming Ranger release - 0.5.0. Thanks, Selva- > On Feb 5, 2015, at 9:27 AM, Hanish Bansal wrote: > > Hi all, > > As hive 1.0.0 version has been released so

Re: Not able to create group with dot character

2015-04-07 Thread Selvamohan Neethiraj
Thanks Hanish, Can you please create a JIRA for this issue? Also, would you be interested in contributing to the Apache Ranger? Thanks, Selva- > On Apr 8, 2015, at 1:25 AM, Hanish Bansal wrote: > > Thanks Don for quick response ! > > This JIRA https://issues.apache.org/jira/browse/RANGER-3

Re: Why is Apache Ranger called Ranger ?

2015-03-12 Thread Selvamohan Neethiraj
Hi Asif Abbasi: There were few other products (non-Apache) seems to be using the name Argus. That caused the team to select an alternate name, Ranger Š. Thanks, Selva- From: Muhammad Asif Abbasi Reply-To: "user@ranger.incubator.apache.org" Date: Thursday, March 12, 2015 at 10:18 AM To: "us

Re: Group permissions in Hive policies

2015-03-02 Thread Selvamohan Neethiraj
Philippe: Yes, we have validated permission defined at group level. When the Hive query is executed by HiveServer2, the groups associated with the login user is derived based on the Hadoop Group Mapping defined in the coe-site.xml (hadoop.security.group.mapping). You can use the following commands

Re: Multiple repository creation for single cluster.

2015-01-23 Thread Selvamohan Neethiraj
tion for it. Let me know your thoughts. Thanks & Regards, Shrey Mehrotra Senior Software Engineer, iLabs Impetus Infotech Pvt. Ltd. From: Selvamohan Neethiraj [mailto:sneet...@apache.org] Sent: Friday, January 23, 2015 8:53 PM To: user@ranger.incubator.apache.org; d...@ranger.incubato

Re: Multiple repository creation for single cluster.

2015-01-23 Thread Selvamohan Neethiraj
Hi Shrey: You raise a valid point here. The indent for creation of multiple repositories was to support multiple cluster from a single RANGER-ADMIN UI. For example, the RANGER-ADMIN UI should be able to store policies for hadoopdev as well as hadooptest clusters. Instead of hosting a separate

Re: Ranger Admin Not Started

2014-12-17 Thread Selvamohan Neethiraj
Hi, Can you please post the access log for the Ranger Admin Server ? Thanks, Selva- On Dec 17, 2014, at 1:12 AM, Muthu Pandi wrote: > Am seeing this Repository name not found exception in xaautit logs, same > error is repeating every 30 sec or 1 minute. I can see the Agent in Ranger > cons

Re: Ranger HBase plugin error

2014-12-11 Thread Selvamohan Neethiraj
Hi Hanish, Are you running region server as ‘root’ ? If you run it as ‘hbase’ user, you may be able to overcome this issue. hbase user should be specified in “hbase.superuser” property in the hbase-site.xml .. hbase.superuser hbase List of users or groups (

Re: Not able to perform hdfs operation after enabling hdfs plugin of ranger

2014-12-10 Thread Selvamohan Neethiraj
Thanks Hanish for the feedback on the library settings We will document these in the Wiki soon ... The parameter "xasecure.add-hadoop-authorization" will allow Ranger Authorization to fall back to HDFS authorization ONLY IF RANGER could not provide you with requested access on the requeste

Re: Source code not compilable

2014-12-09 Thread Selvamohan Neethiraj
Hi, The compilation issue was due to a change in HBase library (since we referred SNAPSHOT libraries). We are working on a another short release (Ranger 0.4.1) to fix this compilation issue. In the meanwhile, your source code change is the right approach to continue build & deploy ... Thanks,

Proposal for Apache Ranger - 0.4.1 Release to fix compilation issues related to SNAPSHOT libraries ...

2014-12-08 Thread Selvamohan Neethiraj
All: As Ranger 0.4.0 has a compilation issue related to SNAPSHOT libraries from Hive and HBase, I am proposing to do a quick fix to this problem and do a release as 0.4.1 from the ranger-0.4 branch. The fix will use Hive 0.14.1 (as current Hive 0.14.0 release jar has some dependencies with oth

Re: Location for storing example code and tutorials...

2014-12-07 Thread Selvamohan Neethiraj
I prefer to keep the Structure/Docs in the Apache Ranger GIT Repo itself (Already checked in in to git://git.apache.org/incubator-ranger.git/docs) and have it updated to the doc site, http://ranger.incubator.apache.org. However, some of the dynamic content about the project could be done in the