HDP-2.3.0 Release Notes
Also available as:


HDP 2.3 provides Ranger 0.5.0 and the following Apache patches:

  • RANGER-422 Add additional database columns to support aggregation

  • RANGER-423 Support audit log aggregation in Ranger Admin UI

  • RANGER-513 Policy validation: resource hierarchies check does not work with single-node hierarchies as in HDFS

  • RANGER-551 Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped.

  • RANGER-564 Add incubating to the release name


  • RANGER-219 Autocomplete behavior of hive tables/columns

  • RANGER-524 HBase plugin: list command should prune the tables returned on user permissions

  • RANGER-529 Policy Validation: resources of a policy must match one of the resource hierarchies of the service def.

  • RANGER-533 HBase plugin: if user does not have family-level access to any family in a table then user may be incorrectly denied access done at table/family level during get or scan

  • RANGER-539 Rolling downgrade changes

  • RANGER-545 Fix js error for lower versions of FF (less than 30)

  • RANGER-548 Key rollover command fails

  • RANGER-550 Hive plugin: Add audit logging support for metadata queries that have filtering support from hive

  • RANGER-553 Default policy creation during service creation should handle service defs with multiple hierarchies, e.g. hive, properly

  • RANGER-554 Ranger KMS keys listing page does not support pagination

  • RANGER-555 Policy view page (from access audit page) gives 404 with Oracle DB

  • RANGER-558 HBase plugin: unless user has READ access at some level under the table/family being accessed (via scan/get) authorizer should throw an exception and audit

  • RANGER-565 Ranger Admin install fails (sometimes) with IO Error when DB used in Oracle

  • RANGER-566 Installation of Ranger on Oracle 12c with shared database needs to use private synonym instead of public synonym

  • RANGER-569 Enabling Ranger plugin for HBase should not modify hbase.rpc.protection value

  • RANGER-570 Knox plugin: after upgrading ranger from 0.4 to 0.5 the Knox plugin won't work because classes with old names are missing

  • RANGER-571 Storm plugin: after upgrading ranger from 0.4 to 0.5 the plugin won't work because classes with old names are missing

  • RANGER-575 Allow KMS policies to be assigned to all users

  • RANGER-576 Storm audit not showing access type in the Ranger Admin Audit UI


  • RANGER-450 Failed to install Ranger component due to Ranger policyManager script failures