RMS for Ozone does not support the semantics that Sentry enforced for HDFS ACLs. This
means that even when ranger.plugin.ozone.mapping.hive.authorize.with.only.chained.policies
is set to true, a user who accesses Ozone locations with RMS enabled must be given READ
access on the bucket and volume where the Hive tables and databases are located.
In addition to Ozone policies, Ranger RMS authorizes access only for "key" resources,
which are the database/table locations in Ozone. To access volumes and buckets, the user
must have appropriate access through policies of the Ozone service configured in Ranger Admin.
The Ranger RMS ACL-sync feature supports a single logical HMS for evaluating Ozone/HDFS
access via Hive permissions.
RMS ACL sync is designed to work on a specific pair of HDFS<->Hive and OZONE<->Hive
Ranger services. It will support only one pair of “HDFS and HIVE” services and one pair of
“OZONE and HIVE” services.
By default, all external tables are stored in HDFS. To create an external table in Ozone,
specify the Ozone location in the location clause when you create the table, or configure
the Hive External Warehouse Directory in HMS.
The default Hive Warehouse directory is configured in Hive Metastore (HMS) to store managed
tables in HDFS. To store managed tables in Ozone, configure the Hive Warehouse directory
or update the database managed location to an Ozone storage location. Check with the
Ozone/Hive support members to learn more about creating Hive tables and databases in
Ozone.
Metrics for RMS with Ozone are not supported in the CDP-7.1.9 release.
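The volume and bucket READ requirement described above can be checked before users hit access denials. The following is an added example, not Cloudera or Ranger code: it maps Hive table locations to their Ozone volume and bucket and lists where a user has no READ grant. The table locations, the `ozone1` service ID and the `OZONE_READ` dictionary are constructed stand-ins for HMS metadata and Ranger Ozone policies, and the model ignores groups, roles and wildcard resources.

```python
from urllib.parse import urlparse

def volume_bucket(location):
    """Return (volume, bucket) for an ofs:// or o3fs:// location, else None."""
    u = urlparse(location)
    parts = [p for p in u.path.split("/") if p]
    if u.scheme == "ofs" and len(parts) >= 2:
        # ofs://<om-service-id>/<volume>/<bucket>/<key...>
        return parts[0], parts[1]
    if u.scheme == "o3fs":
        # o3fs://<bucket>.<volume>.<om-service-id>/<key...>
        host = u.netloc.split(".")
        if len(host) >= 3:
            return host[1], host[0]
    return None  # HDFS or other storage: outside the scope of this check

def missing_read(user, table_locations, ozone_read):
    """List (table, resource) pairs where `user` lacks READ on volume or bucket."""
    grants = ozone_read.get(user, {})
    gaps = []
    for table, loc in sorted(table_locations.items()):
        vb = volume_bucket(loc)
        if vb is None:
            continue
        vol, bucket = vb
        if vol not in grants.get("volumes", set()):
            gaps.append((table, f"volume:{vol}"))
        if (vol, bucket) not in grants.get("buckets", set()):
            gaps.append((table, f"bucket:{vol}/{bucket}"))
    return gaps

# Constructed sample data (hypothetical names, not taken from a real cluster).
TABLE_LOCATIONS = {
    "sales.orders": "ofs://ozone1/vol1/hive/warehouse/sales.db/orders",
    "sales.archive": "o3fs://archive.vol2.ozone1/sales/archive",
    "hr.staff": "hdfs://ns1/warehouse/tablespace/external/hive/hr.db/staff",
}
# Simplified stand-in for READ grants in the Ozone service's Ranger policies.
OZONE_READ = {
    "alice": {"volumes": {"vol1", "vol2"}, "buckets": {("vol1", "hive")}},
}

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for table, resource in missing_read(user, TABLE_LOCATIONS, OZONE_READ):
            print(f"{user}: {table} needs READ on {resource}")
```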