VectorH needs full and exclusive access to all files under the /Actian directory in HDFS. Also, some of the Hadoop services require the VectorH user (actian) to have access to additional directories for housekeeping purposes.

The easiest way to ensure such access is to enable "federated mode" for Ranger in HDFS (in the Ambari console: HDFS, Configs, Advanced, Advanced ranger-hdfs-security, xasecure.add-hadoop-authorization=true) and letting HDFS access control default to the existing POSIX permissions.

When access control through Ranger policies is desired, you must define a policy to allow VectorH to access the appropriate locations in HDFS. In its simplest form, such a policy could look like this: