Cloudera Docs

Known Issues in Apache Ranger

Learn about the known issues in Apache Ranger, the impact or changes to the functionality, and the workaround.

Known issues identified before Cloudera Runtime 7.3.2 include only unresolved issues from previous releases that continue to affect the Cloudera Runtime 7.3.2 base release.

Known issues identified in Cloudera Runtime 7.3.2

CDPD-101412: Ranger upgrade may fail in MySQL 8.x when the default charset is set to utf8mb4
7.3.2
In some environments, upgrading Ranger that uses an external MySQL 8.x database can fail if the server‑level default character set is configured as utf8mb4. The upgrade may stop with database or schema‑related errors because Ranger may not know the default charset of the MySQL server.
Create the required index manually by executing the following SQL statement in the Ranger DB:
CREATE INDEX x_trx_log_IDX_trx_id ON x_trx_log (trx_id(190));

This prefix index ensures the key length stays within the 3072-byte limit for utf8mb4 environments.

Known Issues identified before Cloudera Runtime 7.3.2

OPSAPS-75673: Wrong enablement of Ranger RMS Database Full Sync command
7.3.2, 7.3.1 and its SPs and CHFs, 7.2.18 and its SPs and CHFs
The Ranger RMS Database Full Sync command should be enabled only when all RMS server instances are stopped. This is required to ensure that the RMS database synchronizes correctly without introducing conflicts or data corruption. However, when HA (High Availability) is enabled on the cluster, the command becomes available from Cloudera Manager > Ranger RMS > Actions drop-down, even though only one Ranger RMS instance is stopped while the others are still running.
None.
CDPD-41582: Atlas Resource Lookup : Classification for "entity-type" lists only classification for the following payload: {"resourceName": "classification", "userInput": "", "resources": {"classification": []}}]
7.3.2, 7.3.1 and its SPs and CHFs, 7.2.18 and its SPs and CHFs
Expectation is to return all the classifications. But the response has only "classification". Happens similarly for entity-label, entity-business-metadata.
None.
CDPD-3296: Audit files for Ranger plugin components do not appear immediately in S3 after cluster creation
7.3.2, 7.3.1 and its SPs and CHFs, 7.2.18 and its SPs and CHFs
For Ranger plugin components (Atlas, Hive, HBase, etc.), audit data is updated when the applicable audit file is rolled over. The default Ranger audit rollover time is 24 hours, so audit data appears 24 hours after cluster creation.
To see the audit logs in S3 before the default rollover time of 24 hours, use the following steps to override the default value in the Cloudera Manager safety valve for the applicable service.
  1. On the Configuration tab in the applicable service, select Advanced under CATEGORY.
  2. Click the + icon for the <service_name> Advanced Configuration Snippet (Safety Valve) for ranger-<service_name>-audit.xml property.
  3. Enter the following property in the Name box:

    xasecure.audit.destination.hdfs.file.rollover.sec.

  4. Enter the desired rollover interval (in seconds) in the Value box. For example, if you specify 180, the audit log data is updated every 3 minutes.
  5. Click Save Changes and restart the service.