Create the DLM Engine service user
Follow these steps to configure the DLM Engine service user:
- You must configure the DLM Engine service user. Grant privileges to this user to enable replication of data, metadata, and Ranger policies.
- If your principal user database is LDAP/AD, create the ‘DLM Engine service’ user in your LDAP/AD setup.
- Set up the ‘DLM Engine service’ user as an HDFS superuser so that DLM can access HDFS files for replication. If the Hadoop group mapping is set to LDAP (hadoop.security.group.mapping=org.apache.hadoop.security.LdapGroupsMapping), the ‘DLM Engine service’ user should belong to the HDFS superusergroup (the value of dfs.permissions.superusergroup).
  - You can assign the HDFS superusergroup to the ‘DLM Engine service’ user in LDAP, or
  - This can also be set up with static Hadoop group mapping (config hadoop.user.group.static.mapping.overrides=DLM Engine service=<HDFS superusergroup>).
- Refresh the Hadoop group mapping.
    hdfs dfsadmin -refreshSuperUserGroupsConfiguration
    hdfs dfsadmin -refreshUserToGroupsMappings
- Verify that the ‘DLM Engine service’ user was added to the HDFS superuser group.
    hdfs groups <DLM Engine service user>
  The output should display HDFS or the value of the dfs.permissions.superusergroup config as one of the groups.
- The ‘DLM Engine service’ user requires some setup in Ranger. If the Ranger usersync is set to LDAP/AD, ensure that the ‘DLM Engine service’ user is created in your LDAP/AD setup. Privileges for this user in Ranger will be automatically set up as part of the DLM Engine service start.
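The verification step above can be scripted so that it fails loudly when the group mapping did not take effect. This is an added example, not part of the product documentation; the function names and the sample user name `dlm` are assumptions, and `check_dlm_user` expects the `hdfs` client on the PATH.

```shell
#!/bin/sh
# Added example: check that a service user resolves to the HDFS superuser group.

# in_superusergroup GROUPS_LINE SUPERGROUP
#   GROUPS_LINE is one line of `hdfs groups` output: "<user> : <group> <group> ..."
#   Returns 0 if SUPERGROUP is listed, 1 if it is not, 2 on unusable input.
in_superusergroup() {
    groups_line=$1
    supergroup=$2
    [ -n "$supergroup" ] || return 2
    case $groups_line in
        *" :"*) ;;          # expected "<user> :" prefix is present
        *) return 2 ;;      # not `hdfs groups` output
    esac
    members=${groups_line#* :}
    # Pad with spaces so only whole group names match (hdfs must not match hdfs-ro).
    case " $members " in
        *" $supergroup "*) return 0 ;;
    esac
    return 1
}

# check_dlm_user USER
#   Reads the configured superusergroup from the cluster configuration and
#   compares it with the groups the NameNode resolves for USER.
check_dlm_user() {
    user=$1
    supergroup=$(hdfs getconf -confKey dfs.permissions.superusergroup) || return 2
    line=$(hdfs groups "$user") || return 2
    if in_superusergroup "$line" "$supergroup"; then
        echo "OK: $user is a member of $supergroup"
    else
        echo "FAIL: $user is not a member of $supergroup ($line)" >&2
        return 1
    fi
}

# Usage on a cluster node, after refreshing the group mappings:
#   check_dlm_user dlm        # "dlm" is a sample user name
```

Run the check after the two refresh commands; a FAIL result before the refresh is expected because the NameNode still holds the old mapping.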