Hi Julien, Please find the answers.
Thanks, Ramesh On Feb 17, 2015, at 4:27 AM, Julien Carme <[email protected]> wrote: > Hello, > > I have been playing with Apache Ranger for some time and there are are some > things that are still puzzling me: > > - With the HDFS plugin, it seems that rights are given when Ranger rights OR > standard hadoop rights are provided. For example, a directory with 755 rights > will always be readable by everyone, whatever Ranger says. Therefore, to have > ranger actually controlling the rights of a directory, there is a need to > chmod 700 this directory. Is that the expected behavior? Ramesh : Hadoop ACL will be in effective over Ranger ACL. So what you are seeing is right behavior. > > - Hive plugin works great for hiveserver access, however the direct use of > hive command line client does not take Ranger rights into account. Is that a > feature? Is it planned to change in the future? Ranger Supports only HiveServer2. Hive CLI cannot be supported by Ranger because of its security vulnerability. You can always by pass the security here in Hive CLI by having different conf file. This is documented. > > I might have missed a documentation that would explain all that. > > Regards, > > Julien -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
