1. HDFS Policy Creation

Through configuration, Apache Ranger enables both Ranger policies and HDFS permissions to be checked for a user request. When the NameNode receives a user request, the Ranger plugin checks for policies set through the Ranger Policy Manager. If there are no policies, the Ranger plugin checks for permissions set in HDFS.

We recommend that permissions be created at the Ranger Policy Manager, and to have restrictive permissions at the HDFS level.

To add a policy to an HDFS repository,use the HDFS Add Policy form.

HDFS Policy Creation Console

HDFS Add Policy Form

Complete the HDFS Add Policy Form as follows:


Table 5.1. HDFS Add Policy Fields

Enter Policy NameEnter a unique name for this policy. The name cannot be duplicated anywhere in the system.
Resource PathDefine the resource path for the policy folder/file. To avoid the need to supply the full path OR to enable the policy for al subfolders or files, you can either complete this path using wildcards (for example, /home*) or specify that the policy should be recursive. (See below.)
Description(Optional) Describe the purpose of the policy.
RecursiveSelect if all files or subfolders within the existing folder will be included in this policy. (Use this option if you have specified a specific Resource Path to the top-level folder, but want all subfolders or files to be included).
Audit LoggingSpecify whether this policy is audited. (De-select to disable auditing).
Group PermissionsUse the pick list to assign group permissions appropriate to this policy. If desired, assign the group Administration privileges for the chosen resource. To add users or groups to the list, click the + button. (For further information, see Users).
User PermissionsUse the pick list to assign group permissions appropriate to this policy. If desired, designate one or more users as Administrators for the chosen resource.
Enable/DisablePolicies are enabled by default. To restrict user/group access for a policy, disable the policy.