• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to Create HDFS policies in Ranger

by admin

Note: This is post is part of the HDPCA exam objective series

Apache Ranger is an application that enables data architects to implement security policies on a big data ecosystem. The goal of this project is to provide a unified way for all Hadoop applications to adhere to the security guidelines that are defined.

Here are some of the features of Apache Ranger:

  • Centralized administration
  • Fine grained authorization
  • Standardized authorization
  • Multiple authorization methods
  • Centralized auditing

Enable Ranger HDFS plugin

1. To enable Ranger Hive Plugin goto Services > Ranger > Configs > Ranger Plugin. Enable the Ranger HDFS Plugin on this page.

enable Ranger HDFS plugin using ambari

2. Save the config by providing an appropriate description note.

save config enabling Ranger HDFS plugin

save config with appropriate description note - HDPCA Ranger HDFS policy configuration

3. Ambari will prompt for some recommended changes to be done in order to enable the Ranger HDFS Plugin. Accept the changes and proceed.

recommended property changes Ranger HDFS plugin configuration

4. We need to restart the few Services like HDFS, YARN for the changes to take effect.

Service restart after enabling Ranger HDFS plugin

Overview of Ranger Admin UI and pre-configured policies for HDFS

You can log in to the Ranger Admin UI and check if the Ranger HDFS Plugin is enabled and you can create policies for HDFS users. To login to the Ranger Dashboard use the default username/password of admin/admin.

Ranger Admin UI from ambari

You can also goto the Ranger Admin UI with below URL:

http://rangerserver:6080

When you log in to the Ranger UI, the home page lists the various menus and types of policies that can be created using Ranger. As we can see the Ranger HDFS Plugin is enabled and we can view the pre-configured policies for HDFS.

Ranger Admin UI - Service Manager Page HDPCA exam

You can edit the pre-configured policies as shown below.

edit preconfigured Ranger HDFS policy - HDPCA

This particular policy provides ALL permissions (read, write, execute) to user “hdfs” and “ambari-qa” on all the filesystems under root ( /* ). You can add a new user/group and also modify the permissions on this page.

Edit policy in Ranger Admin UI - Ranger GDFS policy configuration

Set permissions to users in Ranger Admin UI - Ranger HDFS policy configuration

Creating a new Ranger HDFS Policy

Let’s create a new Ranger HDFS Policy to allow access to a particular mount point (/user/test) to the user “sandeep”. The user will have all the permissions (rwx) on the mount point.

1. Click on the policy group name under HDFS.

Ranger Admin UI - Service Manager Page HDPCA exam

2. Now click on Add New Policy to open a new page, similar to the one shown below:

add new HDFS Ranger Policy HDPCA exam

Provide the Policy Name, Resource Path (/user/test) and suitable description for the policy. We would also enable the recursive permission on the filesystem.

3. In the “Allow Conditions” section, we will assign all the permission (read, write and execute) to the user “sandeep” and save the policy.

User and group permissions create a new HDFS Ranger policy

Verify the Ranger HDFS Policy

Let’s test the policy we have created. Before creating the policy I have already tried creating a directory in the /user/test directory with user “sandeep”. It failed by giving a permission denied error as shown below.

permission denied Ranger HDFS policy configuration

Before creating of HDFS Ranger Policy

Now, after the creation of the policy, if I try to create the directory again, it went successfully. This verifies the functionality of the policy we just created.

create directory after creating HDFS Ranger policy creation

After creating HDFS Ranger Policy

HDPCA Exam Objective – Install and configure Ranger
How to Configure Hive Authorization Using Apache Ranger

Filed Under: Hadoop, HDPCA, Hortonworks HDP

Some more articles you might also be interested in …

  1. HDPCA Exam Objective – Install and configure Knox
  2. CCA 131 – Perform OS-level configuration for Hadoop installation
  3. HDPCA Exam Objective – Configure ResourceManager HA
  4. Understanding the Hadoop MapReduce framework
  5. How To Modify Hadoop Log Level
  6. HDPCA Exam Objective – Install HDP using the Ambari install wizard
  7. HDPCA Exam Objective – Change the configuration of a service using Ambari
  8. HDPCA Exam Objective – Recover a snapshot
  9. HDPCA Exam Objective – Decommission a node (NodeManager)
  10. CCA131 – Create an HDFS user’s home directory

You May Also Like

Primary Sidebar

Recent Posts

  • powertop Command Examples in Linux
  • powertop: command not found
  • powerstat: command not found
  • powerstat Command Examples in Linux

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright