You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Don Bosco Durai (JIRA)" <ji...@apache.org> on 2015/04/27 07:24:39 UTC

[jira] [Commented] (RANGER-428) After renaming a repository, changes on existing policies within the repository will not show any effect

    [ https://issues.apache.org/jira/browse/RANGER-428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14513546#comment-14513546 ] 

Don Bosco Durai commented on RANGER-428:
----------------------------------------

[~widmanna], there are 2 things you might have to check.

1. The plugin uses the repository name to pull the policies. If the repo name is changed, then the name in the plugin also need to change
2. Only for HDFS, we also honor HDFS permissions. So you if you have "rx" to others or group, then you will be able to see the files. We recommend you to change the HDFS permission to 700 or even 000 for critical folders and handle all the permissions via Ranger policies.

Let me know if this addresses your question.

Thanks


> After renaming a repository, changes on existing policies within the repository will not show any effect
> --------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-428
>                 URL: https://issues.apache.org/jira/browse/RANGER-428
>             Project: Ranger
>          Issue Type: Bug
>    Affects Versions: 0.4.0
>         Environment: Hortonworks HDP 2.2 on Sandbox
>            Reporter: Andreas Widmann
>            Priority: Critical
>
> When you change the name of a repository inside the Ranger Policy Manager (e.g. the name "sandbox_hdfs" of the HDFS repository), all changes you make on existing policies within the repository will not show any effect.  
> Steps to follow the issue on Hortonworks HDP 2.2 sandbox:
> 1. Change the name of HDFS repository to "hdfs".
> 2. Remove the Write, Execute 	and Admin rights from policy "HDFS Global Allow".
> 3. Try with a user of your choice to create a new directory "test" in the root of HDFS (via curl command on shell).
> 4. Regarding to the policy, the command musnt´t be executed successfully (due to insufficient permissions). But all users have still full rights (Read, Write, Execute and Admin) on (Web)HDFS.
> The bug will remain until the name of the repository has been changed back to the original name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)