Configuring Ranger policies

Learn how to configure Ranger policies to manage Cloudera Storage Optimizer.

Policy 1: Hive Access Policy (Hadoop SQL)

  1. Sign in to the Ranger Admin UI and navigate to Resource Policies > Hadoop SQL.
  2. Click Add New Policy.
  3. Enter the following configurations:
    • Under Policy Details, enter the following configurations:
      • Policy Name: OZONE_TIERING_HIVE_POLICY
      • Description: Ozone tiering hive policy to grant access to om user on the URL for the Ozone storage
    • Under Resources > URL, enter ofs://${<***OZONE_SERVICE_ID***>}/tiering-volume/tiering-bucket/tables.
    • Under Allow Conditions, add the following configurations:
      • Users: hdfs, om
      • Permissions: All
  4. Click Save.

Policy 2: Volume Read Policy (cm_ozone)

  1. Sign in to the Ranger Admin UI and navigate to the cm_ozone policy page.
  2. Click Add New Policy.
  3. Enter the following configurations:
    • Under Policy Details, enter the following configurations:
      • Policy Name: OZONE_TIERING_VOLUME_POLICY
      • Description: Policy for OZONE_TIERING_VOLUME_POLICY to grant hive user read access to tiering-volume
      • Audit Logging: Set to Yes
    • Under Resources > Ozone Volume, enter tiering-volume.
    • Under Allow Conditions, add the following configurations:
      • Users: hive
      • Permissions: Read
  4. Click Save.

Policy 3: Bucket Access Policy (cm_ozone)

  1. Sign in to the Ranger Admin UI and navigate to the cm_ozone policy page.
  2. Click Add New Policy.
  3. Enter the following configurations:
    • Under Policy Details, enter the following configurations:
      • Policy Name: OZONE_TIERING_POLICY
      • Description: Policy for OZONE_TIERING_POLICY to grant hive user all access to tiering-volume/tiering-bucket
      • Audit Logging: Set to Yes
    • Under Resources, add the following configurations:
      • Ozone Volume: Enter tiering-volume and turn the Include toggle on.
      • Ozone Bucket: Enter tiering-bucket and turn the Include toggle on.
      • Ozone Key: *
    • Under Allow Conditions, add the following configurations:
      • Users: hive
      • Permissions: All, Create, Write, Read, List, Delete
  4. Click Save.
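
After saving, the three policies can be checked for scope drift. The following is an added example, not Cloudera's code: it compares a policy object exported from Ranger as JSON against the values on this page and reports anything broader. The resource keys, the lowercase access-type names, and the service ID `ozone1` used in testing are assumptions.

```python
# Added example, not Cloudera code. Keys follow Ranger's policy JSON model; the
# resource names (url/volume/bucket/key) and lowercase access types are assumptions.
def expected(ozone_service_id):
    """The three policies on this page as (resources, users, accesses, audit)."""
    url = f"ofs://{ozone_service_id}/tiering-volume/tiering-bucket/tables"
    vol, bkt = ["tiering-volume"], ["tiering-bucket"]
    return {
        "OZONE_TIERING_HIVE_POLICY": ({"url": [url]}, {"hdfs", "om"}, {"all"}, None),
        "OZONE_TIERING_VOLUME_POLICY": ({"volume": vol}, {"hive"}, {"read"}, True),
        "OZONE_TIERING_POLICY": (
            {"volume": vol, "bucket": bkt, "key": ["*"]}, {"hive"},
            {"all", "create", "write", "read", "list", "delete"}, True),
    }

def drift(policy, ozone_service_id):
    """List the ways an exported policy is broader than the one on this page."""
    spec = expected(ozone_service_id).get(policy.get("name"))
    if spec is None:
        return ["not one of the three tiering policies"]
    resources, users, accesses, audit = spec
    findings, res = [], policy.get("resources", {})
    actual = {k: sorted(v.get("values", [])) for k, v in res.items()}
    if actual != resources:
        findings.append(f"resources differ: {actual}")
    if any(v.get("isExcludes") for v in res.values()):
        findings.append("a resource is set to Exclude instead of Include")
    for it in policy.get("policyItems", []):
        extra = set(it.get("users", [])) - users
        if extra:
            findings.append(f"unexpected users: {sorted(extra)}")
        for kind in ("groups", "roles"):
            if it.get(kind):
                findings.append(f"unexpected {kind}: {sorted(it[kind])}")
        granted = {a["type"] for a in it.get("accesses", []) if a.get("isAllowed", True)}
        # A policy that already grants "all" cannot be widened by access type.
        if "all" not in accesses and granted - accesses:
            findings.append(f"unexpected accesses: {sorted(granted - accesses)}")
    if audit and not policy.get("isAuditEnabled"):
        findings.append("audit logging is disabled")
    return findings

# Constructed sample: Policy 2 widened to every volume, with write access,
# the "public" group added, and auditing turned off.
SAMPLE = {
    "name": "OZONE_TIERING_VOLUME_POLICY", "isAuditEnabled": False,
    "resources": {"volume": {"values": ["*"], "isExcludes": False}},
    "policyItems": [{"users": ["hive"], "groups": ["public"], "accesses": [
        {"type": "read", "isAllowed": True}, {"type": "write", "isAllowed": True}]}],
}
```

An empty list from `drift()` means the exported policy is no broader than the one described here; Policy 1 is not checked for audit logging because this page does not set it.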