Analyzing Ranger RMS resources
You can use the tools described in this topic to analyze Ranger RMS issues.
In CDP 7.1.7 Ranger RMS installations, we have observed numerous identical
resource-signatures with different IDs for a single Hive resource due to which
evaluation of access policies can be slow. This topic provides a tool set you can
use to analyze the database as well as the resource-mapping cache (.json) file to
help identify resource data if such a problem exists. This tool set can also help
determine whether the source of such duplicate entries is:
- incorrect entries in the Ranger database tables,
- incorrect in-memory cache in Ranger RMS server, or
- incorrect processing of resource-mapping deltas on the plugin side.
-
The resource_mapping.json file can be located in the active NameNode host at
/var/lib/ranger/hdfs/policy-cache/hdfs_cm_hive_resource_mapping.json
path. To find duplicate resource-signatures in
resource-mapping.json file:
-
To find duplicate resource-signature entries in
x_rms_service_resource table,
-
To find total count of duplicate entries,