hadoophiveapache-ranger

Ranger is showing Hadoop-ACL used to grant access instead of Ranger-ACL


I have two hiveserver2 instances running. One uses Binary Transport (for HUE), the other uses HTTP transport (for ODBC connections).

I am trying to grant access for one user (ra01 in the screenshot) to only a specific table in Hive. The user account is intended to be used for ODBC connection from PowerBI.

I set the policy as seen in the screenshot. The policy seems to work if I try it in HUE but if I use the same user via ODBC, it seems to grant all permissions and it is using "Hadoop-ACL" instead of "Ranger-ACL" as seen in the attached screenshot.

What am I missing?

Ranger Audit Screen

Ranger policy


Solution

  • It appears the issue is with the folder permissions in HDFS. I followed the instructions in the link below; it fixed the issue for me:

    Best practices in HDFS authorization with Apache Ranger