In previous post, I described how to install Ranger in Ambari on HDP.
Ranger allows (through configuration) both Ranger policies and HDFS permissions to be checked for a user request. When a user request is received in NameNode, Ranger plugin will check for policies set through Ranger admin. If there are no policies, Ranger plugin will check for permission set in HDFS.
It is recommended to have restrictive permission at HDFS level and create permission in Ranger security admin.
Configuring HDFS Plugin happens in two places – HDFS service and Ranger service.
Select HDFS service from the Services menu.
Open Advanced ranger-hdfs-plugin-properties ad check the Enable Ranger for HDFS checkbox.
Change the following property by replacing NAMENODE_HOSTNAME with the RANGER_HOST.
If you are using an older HDP version, check Audit to DB.
Change HDFS umask from 022 to 077.
Save the properties and restart the service.
The following message appears, click OK to restart HDFS.
In Ranger, under tab Config
Switch on HDFS Ranger Plugin
Change the audit source type from default solr to db.
Save and restart Ranger service.