I was using hadoop cli command below is my command in HA ranger kms environment
sudo -u hdfs hadoop distcp /tmp /zone1
Caused by: org.apache.hadoop.security.authorize.AuthorizationException: User:hdfs not allowed to do 'DECRYPT_EEK' on 'key'.
I added the policy as well for user hdfs .
I added policy as well.What i am missing.i came across different blog everyone talks abt adding policy.i added but its nt helping me .Please pour suggestion.