Fixed Issues in Apache Ranger

Review the list of Ranger issues that are resolved in Cloudera Runtime 7.1.6.

CDPD-21942: After cluster upgrades from HDP3.1.5 to CDP 7.1.6, Kafka plugin policy import fails with errors.

Corrects the inconsistent data from the database. This issue is resolved.

OPSAPS-54567: Ability to install NiFi/Kafka clusters with Ranger/Solr but no HDFS.

Ranger doesn't have a hard dependency on HDFS anymore. Components depending on Ranger (and transitively on Solr) can be installed on a cluster having Core Configuration service instead of HDFS. This issue is resolved.

OPSAPS-59481: Add default value to ranger.ldap.user.dnpattern in Cloudera Manager.

Add validation for ranger.ldap.user.dnpattern. This issue is resolved.

CDPD-21849: After upgrade to 7.1.5 unable to update user in usersync.

Added back support to allow usersearchenabled flag to be configurable (true or false) while retrieve users/groups from AD/LDAP. Default value is "true". When this configuration is set to false, then users are retrieved based on groupmemberattribute. This issue is resolved.

CDPD-14939: Audit logs are too verbose.

Added capability to specify audit filters. This issue is resolved.

CDPD-21611: HBase command authorization issue in Ranger.

1. "list_namespace" -> user who has "ADMIN" privilege can run this successfully else authorization error will occur.
2. "list_namespace_table" -> user can have any of the permission ( RWCA) on the namespace to list the tables.
3. "list" -> user should have Create/Admin privilege to list tables.

This issue is resolved.

CDPD-20686: HBase list command authorization issue in Ranger.

1. "list_namespace" -> user who has "ADMIN" privilege can run this successfully else authorization error will occur.
2. "list_namespace_table" -> user can have any of the permission ( RWCA) on the namespace to list the tables.
3. "list" -> user should have Create/Admin privilege to list tables.

This issue is resolved.

CDPD-19924: HDFS Audit does not capture HDFS writes or renames properly.

Ranger Audit will have the correct FileName which is taking part in the operation. This issue is resolved.

CDPD-22408: HDP deploy fails: ranger services are missing.

Fixed failures during service repo creation by adding retry logic for creating service users. This issue is resolved.

CDPD-20361: Improvement for FIPS changes on Ranger Code Base.

FIPS support enhancements. This issue is resolved.

CDPD-21649: RMS support to HiveMetaStore API for optimal data download - getTables API for ACL Sync.

Use optimized API from HMS. This issue is resolved.

CDPD-18273: Ranger - Upgrade to TLS to version 1.2 and above.

Disabled TLS versions that are less than 1.2 for Ranger. This issue is resolved.

CDPD-15630: Ranger API to delete a service in Ranger based on cluster name.

Added Ranger API to delete a service in Ranger based on cluster name. This issue is resolved.

CDPD-13866: Ranger Access audit improvements.

Make table columns resizable and Allow users to select columns. This issue is resolved.

CDPD-21704: Ranger Auditor role (API compatibility).

Fixed access for servicedef GET API. This issue is resolved.

CDPD-21799: Ranger Database deadlock while migrating from CDH 5.14.0 to CDH 7.1.5.

Created individual DB transactions for each create/update user when the request comes from usersync in order to avoid possible DB deadlock that is causing service creation failures. This issue is resolved.

CDPD-22348: Ranger HBase resource lookup fails with "java.lang.NoClassDefFoundError: org/apache/htrace/core/Tracer".

Fixed Hbase resource lookup. This issue is resolved.

CDPD-20299: Ranger Hive policy with nested Roles failed to authorize request.

Roles/Groups in Nested Roles will be authorized in the Hive operations. This issue is resolved.

CDPD-21724: Ranger LDAP for Usersync-- issue seems to be around usage of bcfks file.

The keystore type and truststore type configuration for LDAPS are not honored properly. This issue is resolved.

CDPD-21010: Ranger ShutdownHook hook to be called in RangerHBaseCoprocessor preShutdown APIs for a clean shutdown of HBase.

For a clean shutdown of HBase, Ranger ShutdownHook hook to be called in RangerHBaseCoprocessor preShutdown APIs. This issue is resolved.

CDPD-22264: Ranger UI is breaking when hitting user-profile (protected url) after logout.

Resolved Ranger UI issue being broken after logout in Firefox. This issue is resolved.

CDPD-20730: Remove global JAAS Configuration for auditing.

Global JAAS Configuration entry should not be set from ranger plugin auditing code. This issue is resolved.

CDPD-21026: Some policies are not accessible to user.

Fixed issue with delegate admin support for specific permissions. This issue is resolved.

CDPD-22386: Toggle switch does not render after change in resources drop down value.

This issue is resolved.

CDPD-23030: Unexpected "Permission denied" when executing hdfs command with RMS enabled.

Fixed RMS initialization errors coming due to inclusion of jersey-server jar coming from Hive, which was of 2.x version. This issue is resolved.

CDPD-17467: Upgrade Tomcat from 7.0.x line.

Tomcat is upgraded to 8.5.61. This issue is resolved.

CDPD-20653: Long tag based service names are not shown correctly.

This issue is resolved.

CDPD-20899: Improvement in Ranger UI's Edit Policy page - Button alignment enhancements.

This issue is resolved.

CDPD-22733: Usersync failures and intermittent ranger service repo creation failures during startup.

This issue is resolved.

CDPD-22463: Use default value for source attribute in enunciate-maven-plugin for ranger-admin.

This issue is resolved.

CDPD-22901: Ranger Hive role based grant/revoke failures.

This issue is resolved.