Hafiz, Few things to check: 1. Do you have another policy in Ranger that allows WRITE access? 2. Can you disable this policy and try mkdir?
Fixing the issue with audit will help; audit log will have the details of how the access was allowed (hadoop-acl or ranger-acl; in case of ranger-acl, the policy-ID that determined the access). Madhan From: Hafiz Mujadid <hafizmujadi...@gmail.com<mailto:hafizmujadi...@gmail.com>> Reply-To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Monday, November 30, 2015 at 6:16 AM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Re: Group level permission are not working in ranger Bosco, I have followed above steps 1. drwxr-xr-x - hduser hadoop 0 2015-11-30 18:49 /pg 2. changed the umask so newly created folder or files have following permissions d---rwxrwx - asma hadoop 0 2015-11-30 19:03 /pg/b 3. i changed the ownership of all folders in hdfs with hduser:hadoop 4. ran the command hdfs dfs -chmod -R 000 /pg but still group level permissions are not working. my audits are not working, i am trying to figure out the issue with audits. i will let you know when audits are available. thanks On Mon, Nov 30, 2015 at 7:13 PM, Hafiz Mujadid <hafizmujadi...@gmail.com<mailto:hafizmujadi...@gmail.com>> wrote: Bosco, I have followed above steps drwxr-xr-x - hduser hadoop 0 2015-11-30 18:49 /pg changed the umask so newly created folder or files have following permissions d---rwxrwx - asma hadoop 0 2015-11-30 19:03 /pg/b i changed the ownership of all folders in hdfs with hduser:hadoop but still group level permissions are not working. my audits are not working, i am trying to figure out the issue with audits. i will let you know when audits are available. thanks On Mon, Nov 30, 2015 at 9:34 AM, Don Bosco Durai <bo...@apache.org<mailto:bo...@apache.org>> wrote: Can you check Ranger Audits? Also, do couple of things: 1. hdfs dfs -ls /pg (check the HDFS level permissions) 2. In HDFS settngs, set the umask to 700 and restart name node. 3. hdfs dfs -chown hdfs:hdfs /pg 4. hdfs dfs -chmod -R 000 /pg For all user folders, e.g. /app/hive, do #3 and #4 as above. Bosco From: Hafiz Mujadid <hafizmujadi...@gmail.com<mailto:hafizmujadi...@gmail.com>> Reply-To: <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Sunday, November 29, 2015 at 8:29 PM To: <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Re: Group level permission are not working in ranger Yes Bosco, directory is being created. On Mon, Nov 30, 2015 at 2:47 AM, Don Bosco Durai <bo...@apache.org<mailto:bo...@apache.org>> wrote: What is happening here? Is the directory getting created? Thanks Bosco From: Hafiz Mujadid <hafizmujadi...@gmail.com<mailto:hafizmujadi...@gmail.com>> Reply-To: <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Sunday, November 29, 2015 at 1:44 PM To: <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Group level permission are not working in ranger Hi all I am trying to apply permission on an ldap group but it's not working [Inline image 1] But when i run following command HADOOP_USER_NAME=asma hdfs dfs -mkdir /pg/b i works successfully what is the issue? ldap users and groups are synced correctly as when i run the command hdfs groups asma it returns correct group asma : datascientist -- Regards: HAFIZ MUJADID -- Regards: HAFIZ MUJADID -- Regards: HAFIZ MUJADID
