Description
Currently when Ranger KMS is installed, only keyadmin user has the permissions.
Users have to manually create user nn and assign policies for this user for the encryption zone creation to work. This should be added by default. Also nn is a kerberos principal which should be mapped to hdfs user, for which default policy should be added after KMS is installed. (with generate_eek and get_matadata operations). Investigate why KMS is not performing this mapping and resolve it. In addition address this use-case for making hive encryption zones work as well.
Attachments
Attachments
Issue Links
- links to