Grant Ranger permissions to new users or groups

If you have secured your cluster using Ranger, then you must grant proper permissions to your users and groups from the Ranger web interface. If your users do not have proper permissions, then they may not be able to access certain databases or tables from the Hue editor.

To grant permissions to a new user or group:
  1. Log in to Cloudera Manager as an Administrator.
  2. Go to Clusters > $Ranger service > Instances tab and note down the hostname corresponding to the Ranger Usersync role type.
  3. Open the Ranger UI by clicking Ranger Admin Web UI.
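  4. SSH into the Ranger Usersync host that you noted in step 2 and add the user or the group as follows:
    ssh [***RANGER-USERSYNC-HOSTNAME***]
    useradd [***USERNAME/GROUP-NAME***]
    passwd [***USERNAME/GROUP-NAME***]
    The passwd command prompts you to enter the password for the account.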
  5. On the Ranger web UI, click Hadoop SQL listed under the HADOOP SQL service.
    The Hadoop SQL Policies page is displayed.
  6. On the Hadoop SQL Policies page, you can grant the new user access to all the databases or to specific databases by adding a new policy.
    To grant the permission on all databases:
    1. Click the policy ID corresponding to "all - database, table, column".

    2. On the Edit Policy page, under the Allow Conditions section, add the user to whom you want to grant the permission in the Select User field.

      To grant permissions to a group, enter the group name in the Select Group field.

    3. Click Save.
    To grant permission on a specific database:
    1. Click Add New Policy.

      The Create Policy page is displayed.

    2. Under the Policy Details section, specify the policy name and select the database, table, and column that you want your user to access.

    3. Under the Allow Conditions section, enter the username in the Select User field, click Add Permissions, and select the permissions that your user must have.

      To grant permissions to a group, enter the group name in the Select Group field.

    4. Click Add.
  7. Start the Hue service from Cloudera Manager.
The user or the group should be able to run any query on any entities as defined in the policy.
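
The two options in step 6 differ in scope: adding a principal to "all - database, table, column" covers every database, while a new policy covers only the resources it names. The following Python check is an added example, not Cloudera's or Ranger's own code; it lists the users and groups that hold wildcard-database grants. It assumes the policies are available as JSON in the shape of Ranger's policy model (name, isEnabled, resources, policyItems); the sample data, the names newuser, analysts and sales, and the service_accounts allowlist are constructed for illustration.

```python
import json

# Constructed sample in the shape of Ranger's policy JSON model (assumption:
# Hadoop SQL policies exported from Ranger Admin carry these fields).
SAMPLE_EXPORT = json.loads("""
[
  {"name": "all - database, table, column", "isEnabled": true,
   "resources": {"database": {"values": ["*"]},
                 "table": {"values": ["*"]},
                 "column": {"values": ["*"]}},
   "policyItems": [
     {"users": ["hive", "newuser"], "groups": [],
      "accesses": [{"type": "all", "isAllowed": true}]}]},
  {"name": "sales_db read", "isEnabled": true,
   "resources": {"database": {"values": ["sales"]},
                 "table": {"values": ["*"]},
                 "column": {"values": ["*"]}},
   "policyItems": [
     {"users": [], "groups": ["analysts"],
      "accesses": [{"type": "select", "isAllowed": true}]}]}
]
""")


def broad_grants(policies, service_accounts=("hive",)):
    """Return (policy, kind, principal, access types) for every user or group
    allowed on an enabled policy whose database resource is the "*" wildcard.
    service_accounts is a hypothetical allowlist of expected principals."""
    findings = []
    for policy in policies:
        if not policy.get("isEnabled", True):
            continue  # disabled policies grant nothing
        databases = policy.get("resources", {}).get("database", {}).get("values", [])
        if "*" not in databases:
            continue  # scoped to named databases, as in the specific-database steps
        for item in policy.get("policyItems", []):
            types = sorted(a["type"] for a in item.get("accesses", [])
                           if a.get("isAllowed", True))
            for kind in ("users", "groups"):
                for principal in item.get(kind, []):
                    if principal not in service_accounts:
                        findings.append((policy["name"], kind[:-1], principal, types))
    return findings


if __name__ == "__main__":
    for finding in broad_grants(SAMPLE_EXPORT):
        print(finding)
```

Each finding is a principal that could instead be moved to a policy scoped to the databases it actually needs.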