VectorH must have access to the queue that is configured in the VectorH YARN_AM_QUEUE configuration parameter, typically "default".

The easiest way to achieve this is to keep the YARN-ACL fallback enabled and let YARN access control default to the existing YARN ACL permissions. If strict Ranger access control is desired, you must disable the fallback (YARN, Configs, Advanced, Custom ranger-yarn-security, ranger.add-yarn-authorization=false), and then define a suitable policy to allow VectorH access to the queue.

The policy for YARN in Ranger that is automatically created upon install typically gives access to all queues to a given list of users. Simply adding the actian user to that list will work, but will give VectorH more rights than it strictly needs. Defining a separate policy to give the actian user access to only the indicated queue would be a better security policy.

In its simplest form, such a policy could look like this: