Dale, have you configured authToLocal properly in Hadoop? Can you try this?
$ hdfs groups user1 Thanks Bosco From: <Bradman>, Dale <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Tuesday, May 5, 2015 at 5:57 AM To: "[email protected]" <[email protected]> Subject: Cannot define HBase policy by groups > Hello, > > I am struggling to create policies on HBase defined by a group. Here is what I > have done: > > 1. I create a UNIX user ³user1² and add this user to the group ³group1². > 2. Ranger UI syncs with UNIX and shows ³user1² as an external user belonging > to the group ³group1². Also, ³group1² is automatically created as a new > internal group in the groups section. > 3. I create a HBase policy in RangerUI granting ³user1² READ permissions on > all HBase tables. As expected, ³user1² is able to read the tables. > 4. I then edit the same policy by also granting ³group1² READ permissions on > all HBase tables. As expected, ³user1² is able to read the tables. > 5. I then edit the same policy by removing ³user1² entirely thus leaving only > ³group1² with READ permissions. Now, ³user1² is unable to read the tables > despite being a member of ³group1² > > So essentially, what I want to be able to do is assign multiple users to > ³group1² and grant ³group1² read access on tables. > > Can anyone clarify if this is a bug or if I am doing something incorrectly? > > Thanks, > Dale > > > > Capgemini is a trading name used by the Capgemini Group of companies which > includes Capgemini UK plc, a company registered in England and Wales (number > 943935) whose registered office is at No. 1, Forge End, Woking, Surrey, GU21 > 6DB. > This message contains information that may be privileged or confidential and > is the property of the Capgemini Group. It is intended only for the person to > whom it is addressed. If you are not the intended recipient, you are not > authorized to read, print, retain, copy, disseminate, distribute, or use this > message or any part thereof. If you receive this message in error, please > notify the sender immediately and delete all copies of this message.
