All Products
Search

This Product

    E-MapReduce:Enable HDFS in Ranger and configure related permissions

    Document Center

    E-MapReduce:Enable HDFS in Ranger and configure related permissions

    Last Updated:Apr 27, 2023

    This topic describes how to enable Hadoop Distributed File System (HDFS) in Ranger and how to configure the related permissions.

    Background information

    The permissions that you configured on HDFS by using Ranger and HDFS access control list (ACL)-based permissions take effect at the same time. The following figure shows the authentication process. HDFS

    Prerequisites

    A Data Lake cluster is created and the Ranger service is selected when you create the cluster. For more information about how to create a cluster, see Create a cluster.

    Procedure

    1. Enable HDFS in Ranger.

      1. On the Services tab of the page that appears, click Status in the Ranger-plugin section.

      2. In the Service Overview section of the Status tab, turn on enableHDFS.

      3. In the Confirm message, click OK.

    2. Restart HDFS.

      1. On the Services tab, click the More icon and select HDFS.

      2. In the Components section of the Status tab, find NameNode and click Restart in the Actions column.

      3. In the dialog box that appears, configure the Execution Reason parameter and click OK.

      4. In the Confirm message, click OK.

    3. Optional:Configure permissions.

      By default, the HDFS service is added after you enable HDFS in Ranger.

      You can perform the following steps to grant users the permissions on resources in a directory. For example, you can grant the Write and Execute permissions on resources in the /user/foo directory to the test user:

      1. Access the web UI of Ranger. For more information, see Access the web UI of Ranger.

      2. Click emr-hdfs.

        hdfs-example

      3. Click Add New Policy in the upper-right corner.

      4. Configure the parameters based on your business requirements. The following table describes the parameters.

        Parameter

        Description

        Policy Name

        The name of the policy. You can specify a custom name.

        Resource Path

        The path of the resources. Example: /user/foo.

        recursive

        Specifies whether the permissions take effect on subdirectories or files.

        Select Group

        The user group to which you want to attach the policy.

        Select User

        The user to whom you want to attach the policy. Example: test.

        Permissions

        The permissions that you want to grant. Example: Write and Execute permissions.

      5. Click Add.

        After you attach the policy to the test user, the test user is granted the permissions. The test user is granted the Write and Execute permissions on the HDFS path /user/foo.

        Note

        After you add, remove, or modify a policy, it takes about 1 minute for the configuration to take effect.