Where are the service users? We should have the ranger policy lookup user in the same place. And give this user the required permission in Ranger. That should do.

Bosco

From: Arvind S <arvind18...@gmail.com>
Reply-To: <user@ranger.incubator.apache.org>
Date: Monday, November 16, 2015 at 8:23 PM
To: <user@ranger.incubator.apache.org>
Subject: Re: Question regarding "ranger policy User" for HDFS hive etc

Yes, cluster is kerberized.. and is already using AD.

Cheers !!
Arvind

On Tue, Nov 17, 2015 at 2:11 AM, Don Bosco Durai <bo...@apache.org> wrote:

Arvind

Does your env have Kerberos?

Bosco

From: Arvind S <arvind18...@gmail.com>
Reply-To: <user@ranger.incubator.apache.org>
Date: Monday, November 16, 2015 at 2:34 AM
To: <user@ranger.incubator.apache.org>
Subject: Question regarding "ranger policy User" for HDFS hive etc

My setup has ranger acquiring users from AD.

I am setting up Ranger repositories and have a question on "ranger policy user(s)".

What's the suggested mechanism to set up the 'policy user(s)' ..

> Are we to have these policy users created in AD .. import into Ranger and give them exclusive permissions via ranger policies so that while others create policy they would be able to get file/table resources list?
> Or should we map these users using auth_to_rule into the respective service accounts like 'hdfs' 'hive' etc?

What's best for a production setup?

Thanks & Cheers !!
Arvind