Extracting HDFS native permissions
Learn how to use the HDFS Permissions Export utility to extract HDFS native POSIX permissions from a source cluster running CDH or HDP. The extracted HDFS permissions are then used to create Ranger S3 policies that can be used in Cloudera.
.csv
file in the following format with the permissions sorted in
ascending order:Syntax:
"/resource/path"|"username"|"groupname"|"permission"
where,
"/resource/path"
refers to resource entities"username"
refers to user entries"groupname"
refers to group entries"permission"
refers to the HDFS permission entries
Example:
"/dir1"|"hdfs"|"supergroup, public"|"read, execute"
"/dir1/dir1"||"supergroup, public"|"read, execute"
"/dir1/dir1"|"hdfs"||"read, write, execute"
- The source and target migration clusters must be running the following supported
versions:
- Source cluster: HDP 2.6.5, HDP 3.1.5, CDH 5.16, CDH 6.3
- Target cluster: CDP 7.2.15 or higher
- Secure Copy (SCP) the HDFS keytab file from the source cluster to your local system
- Run the
klist
command to view the list of Kerberos principals available in the keytab —${RANGER_ADMIN_KEYTAB_PATH}
and then run thekinit
command to authenticate the user.klist -kt ${RANGER_ADMIN_KEYTAB_PATH} kinit -kt ${RANGER_ADMIN_KEYTAB_PATH} rangeradmin/_HOST@REALM