All Products
Document Center

E-MapReduce:Enable HDFS in Ranger and configure related permissions

Last Updated:Apr 27, 2023

This topic describes how to enable Hadoop Distributed File System (HDFS) in Ranger and how to configure the related permissions.

Background information

The permissions that you configured on HDFS by using Ranger and HDFS access control list (ACL)-based permissions take effect at the same time. The following figure shows the authentication process. HDFS


A Data Lake cluster is created and the Ranger service is selected when you create the cluster. For more information about how to create a cluster, see Create a cluster.


  1. Enable HDFS in Ranger.

    1. On the Services tab of the page that appears, click Status in the Ranger-plugin section.

    2. In the Service Overview section of the Status tab, turn on enableHDFS.

    3. In the Confirm message, click OK.

  2. Restart HDFS.

    1. On the Services tab, click the More icon and select HDFS.

    2. In the Components section of the Status tab, find NameNode and click Restart in the Actions column.

    3. In the dialog box that appears, configure the Execution Reason parameter and click OK.

    4. In the Confirm message, click OK.

  3. Optional:Configure permissions.

    By default, the HDFS service is added after you enable HDFS in Ranger.

    You can perform the following steps to grant users the permissions on resources in a directory. For example, you can grant the Write and Execute permissions on resources in the /user/foo directory to the test user:

    1. Access the web UI of Ranger. For more information, see Access the web UI of Ranger.

    2. Click emr-hdfs.

    3. Click Add New Policy in the upper-right corner.

    4. Configure the parameters based on your business requirements. The following table describes the parameters.



      Policy Name

      The name of the policy. You can specify a custom name.

      Resource Path

      The path of the resources. Example: /user/foo.


      Specifies whether the permissions take effect on subdirectories or files.

      Select Group

      The user group to which you want to attach the policy.

      Select User

      The user to whom you want to attach the policy. Example: test.


      The permissions that you want to grant. Example: Write and Execute permissions.

    5. Click Add.

      After you attach the policy to the test user, the test user is granted the permissions. The test user is granted the Write and Execute permissions on the HDFS path /user/foo.


      After you add, remove, or modify a policy, it takes about 1 minute for the configuration to take effect.