HDFS
Ranger plugins are enabled from the Ranger service itself. To enable the ranger HDFS plugin, perform the steps described below.
- Select HDFS from the service and click on the Configs tab. 
- Navigate to advanced ranger-hdfs-plugin-properties and select the Enable Ranger for HDFS checkbox. 
- Select audit settings (Audit to DB or Audit to HDFS) and enter values accordingly. Note that only if Audit to HDFS is selected, settings related to that config will be shown. Refer to the table shown below for the different audit settings you can modify. 
- Save the configuration. 
- Ambari will display a restart indicator. Restart the HDFS component. 
- After the component is restarted, the Ranger plugin for HDFS will be enabled.   - Table 4.1. HDFS Plugin Configuration Properties - Configuration Property Name - Description - Default Value - Example Value - Required? - Enable Ranger for HDFS - Flag used to enable/disable Hive funcitonality for Ranger. - FALSE - Yes - Audit to HDFS - Flag used to enable/disable HDFS audit logging. If HDFS audit logging is turned off, it will not log any access control to HDFS. - FALSE - Yes - Audit to DB - Flag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access to the database. - FALSE - Yes - Ranger repository config password - Ranger repository config user - common.name. - for.certificate - hadoop.rpc.protection - Configuration parameter used to control the quality of protection in the Hadoop cluster. Options are: Authentication, Integrity, and Privacy. - auth-int - No - policy_user - SSL_KEYSTORE_ - FILE_PATH - Java Keystore Path where the SSL key for the plugin is stored. This is used only if SSL is enabled between the Policy Admin Tool and Plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY is SSL is not used. - /etc/hadoop/conf/ranger-plugin-keystore.jks - /etc/hadoop/conf/ranger-plugin-keystore.jks - Yes, if only SSL is emanled - SSL_KEYSTORE_ - PASSWORD - Password associated with SSL Keystore. Is used only if SSL is enabled between Policy Admin Tool and Plugin; if SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used. - None - None - Yes, if SSL is enabled. - SSL_KEYSTORE_ - FILEPATH - Java Keystore Path where the trusted certificates are stored for verifying SSL connections to the Policy Admin Tool. Is used only if SSL is enabled between the Policy Admin Tool and Plugin; if SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used. - /etc/hadoop/conf/ranger-plugin-truststore.jks - /etc/hadoop/conf/ranger-plugin-truststore.jks - Yes, if SSL is enabled. - SSL_TRUSTSTORE_ - PASSWORD - Password associated with Truststore file. Is used only if SSL is enabled between the Policy Admin Tool and Plugin; if SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used. - None - None - Yes, if SSL is enabled. 

