Cloudera Docs

Adding a user to Ranger service policies

Learn how to add a logged-in user or resource owner, who is not already part of the required groups, to the relevant Ranger policies.

  1. In Cloudera Manager, click Clusters > Ranger > Ranger Admin Web UI, enter your username and password, and then click Sign In.
    The Ranger Service Manager page for Cloudera services is displayed.
  2. From the Service Manager page, click the cm_trino service.
  3. In the TRINO Policies page of the cm_trino service, click edit against the following policies and include the logged-in user or resource owner in the Allow Conditions:
    • all – trinouser
    • all – catalog, schema, table
    • all – catalog, schema
    • all – sysinfo
    • all – catalog, schema, procedure
    • all – catalog, schema, schemafunction
    • all - function
    • all - queryid
    • all - role
    • all – catalog, schema, table, column
    • all – catalog
    • all – catalog, sessionproperty
    • all – systemproperty
  4. Click Save to apply the changes.
  5. Return to the Service Manager page and click the Hadoop SQL service to modify the default policies.
  6. In the HIVE policies page of the Hadoop SQL service, edit each of the following default Hive policies to include the logged-in user or resource owner in the Allow Conditions:
    • all - global
    • all - database, table, column
    • all - database, table
    • all - storage-type, storage-url
    • all - database
    • all - hiveservice
    • all - database, udf
    • all - url
  7. Click Save to apply the changes.
  8. Return to the Service Manager page and click the cm_hdfs service to modify the default policies.
  9. In the HDFS Policies page of the cm_hdfs service, edit the following default policy to include the logged-in user or resource owner in the Allow Conditions:
    all - path
  10. Click Save to apply the changes.
The logged-in user or resource owner now has the necessary permissions for the HDFS, Hadoop SQL, and Trino services.