The following actions have to be performed when the files are encrypted:

  • The user indexima proxy must be added in the ranger kms configuration.
hadoop.kms.proxyuser.indexima.groups ( * )
hadoop.kms.proxyuser.indexima.hosts ( * )
  • You must also assign the right DECRYPT_EEK to the user who uses impersonation.

Without proxy users we get an unauthorized error.

  • Indexima corresponds to the main keytab.