Behavioral changes denote a marked change in behavior from the previously released
version to this version of Apache Ranger.
- Summary: Ranger access audit behavior changes.
- Previous behavior:
- When you ran hdfs dfs -copyFromLocal command, audit logs were generated
for the following:
- "write" Access Type and "write" permission.
- "rename" Access Type and "write" permission.
- "rename" Access Type and "write" permission.
- When you ran hdfs dfs -touch command, audit log was generated for the
following:
- "write" Access Type and "write" permission.
- New behavior:
- When you run hdfs dfs -copyFromLocal command, audit logs are generated
for the following:
- "create" Access Type and "write" permission.
- "rename" Access Type and "write" permission.
- When you run hdfs dfs -touch command, audit log is generated for the
following:
- "create" Access Type and "write" permission.
- Summary: Storagehandler authorisation has to be enabled for Ranger by setting the property
"hive.security.authorization.tables.on.storagehandlers" to True in hive-site.xml file in
HiveServer2 service.
- Previous behavior:
- This property was set to true by default.
- New behavior:
- In Data Hub, you configure hive.security.authorization.tables.on.storagehandlers = true to
enable authorization of StorageHandler-based tables:
- In Cloudera Manager, click , and search for
hive.security.authorization.tables.on.storagehandlers
.
- Set the value to true.
- Save changes.