Summary
This article discusses verifying if Dremio can successfully read the policies from the Ranger Server when encountering access-denied errors while reading Hive tables with Ranger-based authorization.
Reported Issue
Users and admins get access denied errors when reading Hive tables with Ranger-based authorization due to one of the following scenarios:
- The user doesn't have the required privileges on the databases
- Dremio doesn't have policy download privileges in Ranger
- Configuration issues
Relevant Versions
All Ranger and Dremio versions
Troubleshooting Steps
To isolate the issue, verify the Ranger policy cache in Dremio by checking if the Ranger plugin has downloaded the policies from the Ranger Server Database and saved them in a JSON file (e.g., cm-ranger-hive.json) in the specified directory (e.g., /tmp) on the Dremio coordinator.
Cause
Dremio cannot download the policies from the Ranger Server despite being provided download authorization permissions to the Dremio service user on the Ranger server. This could be due to various configuration issues.
Steps to Resolve
N/A
Tips & Tricks
N/A
Best Practices
N/A
Recommendations
N/A
FAQ
N/A
Additional Resources
https://docs.dremio.com/software/data-sources/hive-ranger/#configure-via-ranger-service-manager