Transforming Ranger HDFS policies into Ranger S3 policies
Learn how to transform Ranger HDFS service policies into Ranger AWS S3 policies, which can then be imported into the CDP cluster Ranger.
- You must have converted the extracted Ranger HDFS native permissions
(.csv file) into Ranger HDFS policies
(.json file) using the
- You must have copied the Ranger policy migration utility,
ranger-<version>-policymigration.tar.gz file to the
migration cluster node.
- Log in to the migration cluster's node (or a Data Lake node of a cloud cluster) where the ranger-admin binaries are available. For example, /opt/cloudera/parcels/CDH/lib/ranger-admin
- Copy /opt/cloudera/parcels/CDH/lib/ranger-admin/policymigration/ranger-<version>-policymigration.tar.gz to some location of the migration cluster machine from where you want to run the Ranger policy migration utility.
- You must have read, write, and execute permissions on the directory where the Ranger policy migration utility is copied.
- You must have SUDO or ROOT access to perform the migration process.
- Log in to the migration cluster node where you have copied the ranger-<version>-policymigration.tar.gz file. Untar the file and navigate to ranger-<version>-policymigration directory.
Update the "Transform" part of the env.sh file by updating
the following parameters or as required for your environment.
For more information, see Supported Input parameters for Transform operation.
transform.shscript with the
transformcommand to convert the Ranger HDFS policies to Ranger AWS S3 policy format.
Syntax: ./transform.sh transform $converted_ranger_policies_file_path
Example: ./transform.sh transform /tmp/HDFS_Permissions_Export_<timestamp>_convert.json