Behavioral Changes in Ranger

Behavioral changes denote a marked change in behavior from the previously released version to this version of Apache Ranger.

Behavioral Changes in Cloudera Runtime 7.3.1.400 SP2

There are no behavioral changes in this release.

There are no behavioral changes in this release.

There are no behavioral changes in this release.

Summary: Hive authorization from Ranger for Alter Table Rename command does not require CREATE database permission on the database where the renamed table will be created.: Previous behavior:
In releases earlier than 7.3.1.100, whenever Alter Table Rename command was used across databases in Hive, authorization from Ranger required CREATE database permission for the user on the target database in which the renamed table was created.; New behavior:
In 7.3.1 CHF1 and later releases, whenever Alter Table Rename command is used across databases in Hive, authorization from Ranger does not check for CREATE database permission for the user on the target database in which the renamed table will be created.

Summary: Ranger access audit behavior changes.

Previous behavior:

When you ran hdfs dfs -copyFromLocal command, audit logs were generated for the following:

When you ran hdfs dfs -touch command, audit log was generated for the following:

New behavior:

When you run hdfs dfs -copyFromLocal command, audit logs are generated for the following:

When you run hdfs dfs -touch command, audit log is generated for the following: