You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by 黄健 <hu...@jd.com> on 2014/12/04 07:28:24 UTC
Fw: Some question about Ranger
Dear Sir:
When I use Ranger 0.4.0 version,I found some troubles,Please help me to solve them.
1. Hive 0.14 support ACID ,when I insert data to a table,it will create a temporary table which named like values__tmp__table__1. If I want to use Ranger to set the update operation,I must create a policies which countain permissions like update for values__tmp__table__1.However,the temporary tables are not one table,once I excute insert date ,it will create one,and it will disappear when I close the session.Could Ranger control permission auto connect to the temporary tables.
2. There are not delete funcation for user and group.The user source option can't refresh when I delete a user from unix system. When I create a user which exist in the Ranger system ,the user source option can't refresh too.
I am looking forward to hearing from you soon.
________________________________
Yours sincerely, Jian Huang
27 November Beijing China
---------------------------------------------
[cid:_Foxmail.1@c2102ce7-6962-98c3-8fb9-d0465bef8dee]
Re: Some question about Ranger
Posted by Selvamohan Neethiraj <sn...@hortonworks.com>.
These HBase errors are related to SNAPSHOT libraries that are changing on HBase.
As Ranger 0.4.0 release has some dependencies with some of the SNAPSHOT libraries, I would like to do another release of Apache Ranger (0.4.1) to remove the SNAPSHOT dependencies from Hive, HBase, Knox components.
Thanks,
Selva-
On Dec 6, 2014, at 3:50 AM, Alok Lal <al...@hortonworks.com> wrote:
> Jian,
> What is the specific error that you get? I know of one current
> problem: XAAccessControlLists
> does not compile. The way to get around that is to simply by replacing "
> AccessControlLists.init” with "AccessControlLists.createACLTable". If that
> isn't your issue then please provide details of what problem you have while
> compiling.
>
> Best,
>
> On Fri, Dec 5, 2014 at 9:21 PM, Don Bosco Durai <bo...@apache.org> wrote:
>
>> Would anyone be able to answer this question?
>>
>>
>>> 4. When
>>> I use the command "mvn clean compile package install assembly:assembly"
>>> buid Ranger which is the new version got from GitHub,some error like
>> this:
>>> I find that in pom.xml <hbase.version>0.99.2-SNAPSHOT</hbase.version>
>>> There is not the right version,so I can't build Ranger now
>>>
>> I thought we fixed this issue. Are you using 0.4.0 version source? Anyway
>> I will have someone else respond this question.
>>
>> Thanks
>>
>> Bosco
>>
>>> On Dec 4, 2014, at 10:36 PM, Don Bosco Durai <bo...@apache.org> wrote:
>>>
>>> Hi
>>>
>>> My answers are embedded.
>>>
>>> Thanks
>>>
>>> Bosco
>>>
>>>
>>>> On Dec 4, 2014, at 7:43 PM, 黄健 <hu...@jd.com> wrote:
>>>>
>>>> Dear Sir:
>>>> When I use Ranger 0.4.0 version,I found some troubles,Please help
>> me to solve them.
>>>> 1. Hive 0.14 support ACID ,when I insert data to a table,it will
>> create a temporary table which named like values__tmp__table__1. If I want
>> to use Ranger to set the update operation,I must create a policies which
>> countain permissions like update for values__tmp__table__1.However,the
>> temporary tables are not one table,once I excute insert date ,it will
>> create one,and it will disappear when I close the session.Could Ranger
>> control permission auto connect to the temporary tables.
>>>> You can use wild cards in Ranger to give permissions. If the tmp tables
>> are going to have
>>>> fixed strings, then you can create a policy like *__tmp__table__*. If
>> this works, then let
>>>> me know.
>>>> The new policy like *__tmp__table__* worked. I want to know which
>> opration control "insert" in the User Permissions and Group Permissions.Now
>> I set "All" to *__tmp__table__* policy
>>> After responding to your email, I followed up with the Hive developer
>> who worked on ACID and he mentioned it is perfectly safe to give global/all
>> permission *__tmp_table__* policy. The reason being, temporary tables are
>> only visible to the user who created it, so even if you give permission to
>> everyone, the others can’t see it or access it.
>>>
>>> In Ranger, you will create policy with Datatbase=*,
>> Tables=*__tmp_table__* and column=* and for the group use “public” and
>> “all” permissions. This should take care of your issue. I will create an
>> internal JIRA to address temporary tables without this explicit permission.
>> Mostly it would be an patch to 0.4.0 release soon.
>>>
>>>> 2. There are not delete funcation for user and group.The user
>> source option can't refresh when I delete a user from unix system. When I
>> create a user which exist in the Ranger system ,the user source option
>> can't refresh too.
>>>> We don’t support delete of user from the UI. We can create a JIRA to
>> track it. Can you explain
>>>> the use case of refresh? If the user is already in the system, then
>> only the groups will be
>>>> synchronized.
>>>> In the system,the user synchronized from unix its User Source it
>> "External" and created in Ranger is "Internal" I think that when I create a
>> Ranger user,it is "Internal",I create a same user in Unix,it will change to
>> "External". When I delete a user from unix, Ranger can delete the user or
>> change it to “Internal”
>>> Sounds good. I will make a note of this in the JIRA.
>>>> 3. The refresh function. When I edit a policy, the page in the picture
>> blew can't show the new changes, I must click to regresh,
>>>> the list in Analytics label is always correct.
>>>>
>>> For some reason the images are not attached or I can’t see it. I will
>> have to reproduce it. Can you create JIRA and attach the image with it?
>>>
>>>> 4. When
>>>> I use the command "mvn clean compile package install assembly:assembly"
>>>> buid Ranger which is the new version got from GitHub,some error like
>> this:
>>>> I find that in pom.xml <hbase.version>0.99.2-SNAPSHOT</hbase.version>
>>>> There is not the right version,so I can't build Ranger now
>>>>
>>> I thought we fixed this issue. Are you using 0.4.0 version source?
>> Anyway I will have someone else respond this question.
>>>
>>>>
>>>> I am looking forward to hearing from you soon.
>>>>
>>>> Yours sincerely, Jian Huang
>>>> 27 November Beijing China
>>>> ---------------------------------------------
>>>>
>>>
>>
>>
>
>
> --
> "* ... there is nothing more secure then a computer which is not connected
> to the network --- and powered off!...*" - from Kerberos Introduction
> <http://web.mit.edu/Kerberos/www/#what_is>
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: Some question about Ranger
Posted by Alok Lal <al...@hortonworks.com>.
Jian,
What is the specific error that you get? I know of one current
problem: XAAccessControlLists
does not compile. The way to get around that is to simply by replacing "
AccessControlLists.init” with "AccessControlLists.createACLTable". If that
isn't your issue then please provide details of what problem you have while
compiling.
Best,
On Fri, Dec 5, 2014 at 9:21 PM, Don Bosco Durai <bo...@apache.org> wrote:
> Would anyone be able to answer this question?
>
>
> > 4. When
> > I use the command "mvn clean compile package install assembly:assembly"
> > buid Ranger which is the new version got from GitHub,some error like
> this:
> > I find that in pom.xml <hbase.version>0.99.2-SNAPSHOT</hbase.version>
> > There is not the right version,so I can't build Ranger now
> >
> I thought we fixed this issue. Are you using 0.4.0 version source? Anyway
> I will have someone else respond this question.
>
> Thanks
>
> Bosco
>
> > On Dec 4, 2014, at 10:36 PM, Don Bosco Durai <bo...@apache.org> wrote:
> >
> > Hi
> >
> > My answers are embedded.
> >
> > Thanks
> >
> > Bosco
> >
> >
> >> On Dec 4, 2014, at 7:43 PM, 黄健 <hu...@jd.com> wrote:
> >>
> >> Dear Sir:
> >> When I use Ranger 0.4.0 version,I found some troubles,Please help
> me to solve them.
> >> 1. Hive 0.14 support ACID ,when I insert data to a table,it will
> create a temporary table which named like values__tmp__table__1. If I want
> to use Ranger to set the update operation,I must create a policies which
> countain permissions like update for values__tmp__table__1.However,the
> temporary tables are not one table,once I excute insert date ,it will
> create one,and it will disappear when I close the session.Could Ranger
> control permission auto connect to the temporary tables.
> >> You can use wild cards in Ranger to give permissions. If the tmp tables
> are going to have
> >> fixed strings, then you can create a policy like *__tmp__table__*. If
> this works, then let
> >> me know.
> >> The new policy like *__tmp__table__* worked. I want to know which
> opration control "insert" in the User Permissions and Group Permissions.Now
> I set "All" to *__tmp__table__* policy
> > After responding to your email, I followed up with the Hive developer
> who worked on ACID and he mentioned it is perfectly safe to give global/all
> permission *__tmp_table__* policy. The reason being, temporary tables are
> only visible to the user who created it, so even if you give permission to
> everyone, the others can’t see it or access it.
> >
> > In Ranger, you will create policy with Datatbase=*,
> Tables=*__tmp_table__* and column=* and for the group use “public” and
> “all” permissions. This should take care of your issue. I will create an
> internal JIRA to address temporary tables without this explicit permission.
> Mostly it would be an patch to 0.4.0 release soon.
> >
> >> 2. There are not delete funcation for user and group.The user
> source option can't refresh when I delete a user from unix system. When I
> create a user which exist in the Ranger system ,the user source option
> can't refresh too.
> >> We don’t support delete of user from the UI. We can create a JIRA to
> track it. Can you explain
> >> the use case of refresh? If the user is already in the system, then
> only the groups will be
> >> synchronized.
> >> In the system,the user synchronized from unix its User Source it
> "External" and created in Ranger is "Internal" I think that when I create a
> Ranger user,it is "Internal",I create a same user in Unix,it will change to
> "External". When I delete a user from unix, Ranger can delete the user or
> change it to “Internal”
> > Sounds good. I will make a note of this in the JIRA.
> >> 3. The refresh function. When I edit a policy, the page in the picture
> blew can't show the new changes, I must click to regresh,
> >> the list in Analytics label is always correct.
> >>
> > For some reason the images are not attached or I can’t see it. I will
> have to reproduce it. Can you create JIRA and attach the image with it?
> >
> >> 4. When
> >> I use the command "mvn clean compile package install assembly:assembly"
> >> buid Ranger which is the new version got from GitHub,some error like
> this:
> >> I find that in pom.xml <hbase.version>0.99.2-SNAPSHOT</hbase.version>
> >> There is not the right version,so I can't build Ranger now
> >>
> > I thought we fixed this issue. Are you using 0.4.0 version source?
> Anyway I will have someone else respond this question.
> >
> >>
> >> I am looking forward to hearing from you soon.
> >>
> >> Yours sincerely, Jian Huang
> >> 27 November Beijing China
> >> ---------------------------------------------
> >>
> >
>
>
--
"* ... there is nothing more secure then a computer which is not connected
to the network --- and powered off!...*" - from Kerberos Introduction
<http://web.mit.edu/Kerberos/www/#what_is>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: Some question about Ranger
Posted by Don Bosco Durai <bo...@apache.org>.
Would anyone be able to answer this question?
> 4. When
> I use the command "mvn clean compile package install assembly:assembly"
> buid Ranger which is the new version got from GitHub,some error like this:
> I find that in pom.xml <hbase.version>0.99.2-SNAPSHOT</hbase.version>
> There is not the right version,so I can't build Ranger now
>
I thought we fixed this issue. Are you using 0.4.0 version source? Anyway I will have someone else respond this question.
Thanks
Bosco
> On Dec 4, 2014, at 10:36 PM, Don Bosco Durai <bo...@apache.org> wrote:
>
> Hi
>
> My answers are embedded.
>
> Thanks
>
> Bosco
>
>
>> On Dec 4, 2014, at 7:43 PM, 黄健 <hu...@jd.com> wrote:
>>
>> Dear Sir:
>> When I use Ranger 0.4.0 version,I found some troubles,Please help me to solve them.
>> 1. Hive 0.14 support ACID ,when I insert data to a table,it will create a temporary table which named like values__tmp__table__1. If I want to use Ranger to set the update operation,I must create a policies which countain permissions like update for values__tmp__table__1.However,the temporary tables are not one table,once I excute insert date ,it will create one,and it will disappear when I close the session.Could Ranger control permission auto connect to the temporary tables.
>> You can use wild cards in Ranger to give permissions. If the tmp tables are going to have
>> fixed strings, then you can create a policy like *__tmp__table__*. If this works, then let
>> me know.
>> The new policy like *__tmp__table__* worked. I want to know which opration control "insert" in the User Permissions and Group Permissions.Now I set "All" to *__tmp__table__* policy
> After responding to your email, I followed up with the Hive developer who worked on ACID and he mentioned it is perfectly safe to give global/all permission *__tmp_table__* policy. The reason being, temporary tables are only visible to the user who created it, so even if you give permission to everyone, the others can’t see it or access it.
>
> In Ranger, you will create policy with Datatbase=*, Tables=*__tmp_table__* and column=* and for the group use “public” and “all” permissions. This should take care of your issue. I will create an internal JIRA to address temporary tables without this explicit permission. Mostly it would be an patch to 0.4.0 release soon.
>
>> 2. There are not delete funcation for user and group.The user source option can't refresh when I delete a user from unix system. When I create a user which exist in the Ranger system ,the user source option can't refresh too.
>> We don’t support delete of user from the UI. We can create a JIRA to track it. Can you explain
>> the use case of refresh? If the user is already in the system, then only the groups will be
>> synchronized.
>> In the system,the user synchronized from unix its User Source it "External" and created in Ranger is "Internal" I think that when I create a Ranger user,it is "Internal",I create a same user in Unix,it will change to "External". When I delete a user from unix, Ranger can delete the user or change it to “Internal”
> Sounds good. I will make a note of this in the JIRA.
>> 3. The refresh function. When I edit a policy, the page in the picture blew can't show the new changes, I must click to regresh,
>> the list in Analytics label is always correct.
>>
> For some reason the images are not attached or I can’t see it. I will have to reproduce it. Can you create JIRA and attach the image with it?
>
>> 4. When
>> I use the command "mvn clean compile package install assembly:assembly"
>> buid Ranger which is the new version got from GitHub,some error like this:
>> I find that in pom.xml <hbase.version>0.99.2-SNAPSHOT</hbase.version>
>> There is not the right version,so I can't build Ranger now
>>
> I thought we fixed this issue. Are you using 0.4.0 version source? Anyway I will have someone else respond this question.
>
>>
>> I am looking forward to hearing from you soon.
>>
>> Yours sincerely, Jian Huang
>> 27 November Beijing China
>> ---------------------------------------------
>>
>
Re: Some question about Ranger
Posted by Don Bosco Durai <bo...@apache.org>.
Hi
My answers are embedded.
Thanks
Bosco
> On Dec 4, 2014, at 7:43 PM, 黄健 <hu...@jd.com> wrote:
>
> Dear Sir:
> When I use Ranger 0.4.0 version,I found some troubles,Please help me to solve them.
> 1. Hive 0.14 support ACID ,when I insert data to a table,it will create a temporary table which named like values__tmp__table__1. If I want to use Ranger to set the update operation,I must create a policies which countain permissions like update for values__tmp__table__1.However,the temporary tables are not one table,once I excute insert date ,it will create one,and it will disappear when I close the session.Could Ranger control permission auto connect to the temporary tables.
> You can use wild cards in Ranger to give permissions. If the tmp tables are going to have
> fixed strings, then you can create a policy like *__tmp__table__*. If this works, then let
> me know.
> The new policy like *__tmp__table__* worked. I want to know which opration control "insert" in the User Permissions and Group Permissions.Now I set "All" to *__tmp__table__* policy
After responding to your email, I followed up with the Hive developer who worked on ACID and he mentioned it is perfectly safe to give global/all permission *__tmp_table__* policy. The reason being, temporary tables are only visible to the user who created it, so even if you give permission to everyone, the others can’t see it or access it.
In Ranger, you will create policy with Datatbase=*, Tables=*__tmp_table__* and column=* and for the group use “public” and “all” permissions. This should take care of your issue. I will create an internal JIRA to address temporary tables without this explicit permission. Mostly it would be an patch to 0.4.0 release soon.
> 2. There are not delete funcation for user and group.The user source option can't refresh when I delete a user from unix system. When I create a user which exist in the Ranger system ,the user source option can't refresh too.
> We don’t support delete of user from the UI. We can create a JIRA to track it. Can you explain
> the use case of refresh? If the user is already in the system, then only the groups will be
> synchronized.
> In the system,the user synchronized from unix its User Source it "External" and created in Ranger is "Internal" I think that when I create a Ranger user,it is "Internal",I create a same user in Unix,it will change to "External". When I delete a user from unix, Ranger can delete the user or change it to “Internal”
Sounds good. I will make a note of this in the JIRA.
> 3. The refresh function. When I edit a policy, the page in the picture blew can't show the new changes, I must click to regresh,
> the list in Analytics label is always correct.
>
For some reason the images are not attached or I can’t see it. I will have to reproduce it. Can you create JIRA and attach the image with it?
> 4. When
> I use the command "mvn clean compile package install assembly:assembly"
> buid Ranger which is the new version got from GitHub,some error like this:
> I find that in pom.xml <hbase.version>0.99.2-SNAPSHOT</hbase.version>
> There is not the right version,so I can't build Ranger now
>
I thought we fixed this issue. Are you using 0.4.0 version source? Anyway I will have someone else respond this question.
>
> I am looking forward to hearing from you soon.
>
> Yours sincerely, Jian Huang
> 27 November Beijing China
> ---------------------------------------------
>
Re: Fw: Some question about Ranger
Posted by 黄健 <hu...@jd.com>.
Dear Sir:
When I use Ranger 0.4.0 version,I found some troubles,Please help me to solve them.
1. Hive 0.14 support ACID ,when I insert data to a table,it will create a temporary table which named like values__tmp__table__1. If I want to use Ranger to set the update operation,I must create a policies which countain permissions like update for values__tmp__table__1.However,the temporary tables are not one table,once I excute insert date ,it will create one,and it will disappear when I close the session.Could Ranger control permission auto connect to the temporary tables.
You can use wild cards in Ranger to give permissions. If the tmp tables are going to have
fixed strings, then you can create a policy like *__tmp__table__*. If this works, then let
me know.
The new policy like *__tmp__table__* worked. I want to know which opration control "insert" in the User Permissions and Group Permissions.Now I set "All" to *__tmp__table__* policy
2. There are not delete funcation for user and group.The user source option can't refresh when I delete a user from unix system. When I create a user which exist in the Ranger system ,the user source option can't refresh too.
We don’t support delete of user from the UI. We can create a JIRA to track it. Can you explain
the use case of refresh? If the user is already in the system, then only the groups will be
synchronized.
In the system,the user synchronized from unix its User Source it "External" and created in Ranger is "Internal" I think that when I create a Ranger user,it is "Internal",I create a same user in Unix,it will change to "External". When I delete a user from unix, Ranger can delete the user or change it to "Internal"
3. The refresh function. When I edit a policy, the page in the picture blew can't show the new changes, I must click [cid:_Foxmail.1@cdace1a1-6811-f9b9-4637-fa8a304c3114] to regresh,
the list in Analytics label is always correct.
[cid:_Foxmail.1@cbe20fab-a455-a58e-0547-a1aacc48eddf]
4. When I use the command "mvn clean compile package install assembly:assembly" buid Ranger which is the new version got from GitHub,some error like this:[cid:_Foxmail.1@b48c550e-872a-16f2-efc1-5d24044be7d0]
I find that in pom.xml <hbase.version>0.99.2-SNAPSHOT</hbase.version>
There is not the right version,so I can't build Ranger now
I am looking forward to hearing from you soon.
________________________________
Yours sincerely, Jian Huang
27 November Beijing China
---------------------------------------------
[cid:_Foxmail.1@77f8d885-6e30-b09d-740d-7d2fa000638d]
Re: Some question about Ranger
Posted by Don Bosco Durai <bo...@apache.org>.
Hi Jian
> 1. Hive 0.14 support ACID ,when I insert data to a table,it will create a temporary table which named like values__tmp__table__1. If I want to use Ranger to set the update operation,I must create a policies which countain permissions like update for values__tmp__table__1.However,the temporary tables are not one table,once I excute insert date ,it will create one,and it will disappear when I close the session.Could Ranger control permission auto connect to the temporary tables.
You can use wild cards in Ranger to give permissions. If the tmp tables are going to have fixed strings, then you can create a policy like *__tmp__table__*. If this works, then let me know.
> 2. There are not delete funcation for user and group.The user source option can't refresh when I delete a user from unix system. When I create a user which exist in the Ranger system ,the user source option can't refresh too.
We don’t support delete of user from the UI. We can create a JIRA to track it. Can you explain the use case of refresh? If the user is already in the system, then only the groups will be synchronized.
Thanks
Bosco
> On Dec 3, 2014, at 10:28 PM, 黄健 <hu...@jd.com> wrote:
>
>
> Dear Sir:
> When I use Ranger 0.4.0 version,I found some troubles,Please help me to solve them.
> 1. Hive 0.14 support ACID ,when I insert data to a table,it will create a temporary table which named like values__tmp__table__1. If I want to use Ranger to set the update operation,I must create a policies which countain permissions like update for values__tmp__table__1.However,the temporary tables are not one table,once I excute insert date ,it will create one,and it will disappear when I close the session.Could Ranger control permission auto connect to the temporary tables.
> 2. There are not delete funcation for user and group.The user source option can't refresh when I delete a user from unix system. When I create a user which exist in the Ranger system ,the user source option can't refresh too.
>
> I am looking forward to hearing from you soon.
>
> Yours sincerely, Jian Huang
> 27 November Beijing China
> ---------------------------------------------
>