ranger-dev mailing list archives

From Don Bosco Durai <bo...@apache.org>
Subject Re: Does Ranger Restrict Any Permission
Date Wed, 01 Jul 2015 13:17:37 GMT
Tanping

The current Ranger permission model is permissive, which means by default
there are no permissions. However, if you give one, then you can't take it
back.

This model simplifies the management of the policies. However, if you want
to revoke permissions for a certain user, then it becomes difficult.

In your use case, we recommend that you manage HDFS permissions only from
Ranger. You should do "hdfs dfs -chmod -R 0000 /usr/hive" and then give
explicit permissions to users from Ranger.

If you are using HiveServer2, then we recommend configuring HS2 with
"doAs=false". In this case, you just need to give permission to user
"hive" at the HDFS level and manage all the table/column permissions at
the Hive level using Ranger. In this case, you can also give more granular
permissions up to column level.

If you feel revoke will be useful for you, then can you create a JIRA? In
the next release we can come up with a simplified version of revoke.

Thanks

Bosco


On 7/1/15, 12:57 PM, "Tanping Wang" <tanpingw@gmail.com> wrote:

>Hi, all,
>My understanding of Ranger is that Ranger would open up/relax the file
>permission inherited from Unix.  Can Ranger restrict/remove the
>permissions for a user?  For example, if a user, John does have
>permission to /usr/hive.  Can Ranger revoke the permission?
>Regards,
>tanping
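
An added example, not part of the original messages and not Ranger's own code: a simplified Python model of the behaviour discussed in this thread, showing why the reply recommends "hdfs dfs -chmod -R 0000 /usr/hive" before granting access from Ranger. It assumes access is granted when either an allow-only policy matches or the native HDFS mode bits permit it; the class and function names, the group names, and the user "john" with his group are hypothetical, and the HDFS superuser bypass is not modelled.

```python
from dataclasses import dataclass

BITS = {"read": 4, "write": 2, "execute": 1}

@dataclass(frozen=True)
class Inode:
    owner: str
    group: str
    mode: int  # POSIX mode bits, e.g. 0o755

@dataclass(frozen=True)
class Policy:  # constructed allow-only policy; the model has no deny rule
    path: str
    users: frozenset
    accesses: frozenset

def hdfs_allows(inode, user, groups, access):
    """Native HDFS check: pick owner, group or other bits, then test the bit."""
    if user == inode.owner:
        shift = 6
    elif inode.group in groups:
        shift = 3
    else:
        shift = 0
    return bool((inode.mode >> shift) & BITS[access])

def ranger_allows(policies, path, user, access):
    """True if any policy covers the path (recursively) for this user and access."""
    return any(
        (path == p.path or path.startswith(p.path.rstrip("/") + "/"))
        and user in p.users and access in p.accesses
        for p in policies
    )

def is_allowed(policies, inode, path, user, groups, access):
    # Assumption of this model: a policy can only add access. With no matching
    # policy the request falls through to the HDFS mode bits.
    return (ranger_allows(policies, path, user, access)
            or hdfs_allows(inode, user, groups, access))

def demo():
    path = "/usr/hive"
    policies = [Policy(path, frozenset({"hive"}),
                       frozenset({"read", "write", "execute"}))]
    open_dir = Inode("hive", "hadoop", 0o755)  # before chmod -R 0000
    locked = Inode("hive", "hadoop", 0o000)    # after chmod -R 0000
    return {
        "john_before_chmod": is_allowed(policies, open_dir, path, "john", {"users"}, "read"),
        "john_after_chmod": is_allowed(policies, locked, path, "john", {"users"}, "read"),
        "hive_after_chmod": is_allowed(policies, locked, path, "hive", {"hadoop"}, "read"),
    }
```

With the mode bits cleared, the only remaining grant in the model is the policy for "hive", which is the account that reaches HDFS when HS2 runs with "doAs=false".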


