Cloudera Docs

Analyzing Ranger RMS resources

You can use the tools described in this topic to analyze Ranger RMS issues.

In CDP 7.1.7 Ranger RMS installations, we have observed numerous identical resource-signatures with different IDs for a single Hive resource due to which evaluation of access policies can be slow. This topic provides a tool set you can use to analyze the database as well as the resource-mapping cache (.json) file to help identify resource data if such a problem exists. This tool set can also help determine whether the source of such duplicate entries is:
  • incorrect entries in the Ranger database tables,
  • incorrect in-memory cache in Ranger RMS server, or
  • incorrect processing of resource-mapping deltas on the plugin side.
  1. The resource_mapping.json file can be located in the active NameNode host at /var/lib/ranger/hdfs/policy-cache/hdfs_cm_hive_resource_mapping.json path. To find duplicate resource-signatures in resource-mapping.json file:
    1. Update the json file in readable format 
      python -m json.tool hdfs_cm_hive_resource_mapping.json > pretty_resource_mapping.json
    2. To find duplicate entries, use the following grep command: 
      grep -o -E 'resourceSignature.*,' pretty_resource_mapping.json | sort | uniq -c | grep -v '1 resourceSignature' > outputFile.txt
  2. To find duplicate resource-signature entries in x_rms_service_resource table,
    1. Connect to Ranger database.
      To check configured database; go to Cloudera Manager > Ranger > Configuration > Database.
      use either of the following queries:
      select resource_signature, COUNT(resource_signature) from 
x_rms_service_resource
group by resource_signature HAVING COUNT(resource_signature) > 1;
      or
      SELECT a.id, a.service_resource_elements_text, 
a.resource_signature from x_rms_service_resource a where 
a.resource_signature in
(select resource_signature from x_rms_service_resource
group by resource_signature HAVING COUNT(resource_signature) > 
1) ORDER BY a.resource_signature;
  3. To find total count of duplicate entries,
    1. use the following query: 
      select sum(occurrences) as total_occurrences from (select 
resource_signature, COUNT(resource_signature) as occurrences 
from x_rms_service_resource
group by resource_signature HAVING COUNT(resource_signature) > 1) tbl1;