Cloudera Docs

How to configure Ranger HDFS plugin configs per (NameNode) Role Group

You can override the service-level configurations, by setting configurations at the Role/Group level.

The Ranger HDFS plugin supports service-wide configuration using safety valves for auditing, policy management and security. Additionally, you can override service-wide security setting by configuring the NameNode Advanced Configuration Snippet (Safety Valve) which allows role/group specific configuration. This feature supports configuring security policies across a federated namespace environment.

  1. In Cloudera Manager Home, select HDFS, then choose Configuration.
  2. On Configuration, in Search, type Ranger-hdfs.
  3. In NameNode Advanced Configuration Snippet (Safety Valve), click + (Add).
  4. Add key-value pairs that configure ranger-hdfs-security.xml per NameNode group.
key-value pairs that you define in NameNode Advanced Configuration Snippet (Safety Valve) for ranger-hdfs-security.xml override any defined in HDFS Service Advanced Configuration Snippet (Safety Valve) for ranger-hdfs-security.xml.