(Optional) Configure Ranger to restrict access to DataPlane
It is strongly recommended that you configure Ranger in your cluster to restrict access to these DataPlane-specific topologies so that they can be reached only from your DP instance, which limits access to authorized users of DataPlane Platform.
As part of configuring Knox SSO to work with DataPlane, you set up Knox topologies that allow your DP instance to communicate with your cluster and to handle SSO token requests between DP and your cluster.
Note: This is the basic Ranger policy setup to restrict access to the Knox topology to only DataPlane. Additional policies may be recommended or required based on the DP Apps (and their requisite Cluster Agents) you use.
- You will be configuring a Ranger policy to restrict access to Knox SSO token topologies to DataPlane users and your DP Instance.
- You must have installed and configured DataPlane.
- You must have configured Knox SSO for DataPlane. See Configuring Knox SSO for DataPlane for more information.
- You must have Ranger installed and configured in your cluster.
- Be sure to also add the authorization role to the token topologies you configured for DP in your Knox SSO setup.

      <provider>
        <role>authorization</role>
        <name>XASecurePDPKnox</name>
        <enabled>true</enabled>
      </provider>
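A Ranger policy has no effect on a topology that lacks this provider or has it disabled, so it is worth checking each token topology after editing. The following is an added example, not part of the original documentation: it assumes the standard Knox layout of `<provider>` elements under `<topology><gateway>`, and the file names and sample contents are constructed.

```python
import xml.etree.ElementTree as ET

REQUIRED_NAME = "XASecurePDPKnox"  # authorization provider name given on this page

def check_authorization(topology_xml):
    """Classify a topology: 'ok', 'missing', 'disabled', 'wrong-name:<n>' or 'unparseable'."""
    try:
        root = ET.fromstring(topology_xml)
    except ET.ParseError:
        return "unparseable"
    authz = [p for p in root.iter("provider")
             if (p.findtext("role") or "").strip() == "authorization"]
    if not authz:
        return "missing"
    for p in authz:
        if (p.findtext("name") or "").strip() == REQUIRED_NAME:
            enabled = (p.findtext("enabled") or "").strip().lower()
            return "ok" if enabled == "true" else "disabled"
    return "wrong-name:" + (authz[0].findtext("name") or "").strip()

def audit(topologies):
    """Map of topology name -> finding, for every topology that is not 'ok'."""
    findings = {n: check_authorization(x) for n, x in topologies.items()}
    return {n: f for n, f in findings.items() if f != "ok"}

def _topology(providers):
    # Constructed sample input: a minimal <topology><gateway> wrapper.
    body = "".join(
        f"<provider><role>{r}</role><name>{n}</name><enabled>{e}</enabled></provider>"
        for r, n, e in providers)
    return f"<topology><gateway>{body}</gateway></topology>"

SAMPLES = {  # constructed file names and contents, not taken from a real cluster
    "sample-token-a.xml": _topology([("authorization", "XASecurePDPKnox", "true")]),
    "sample-token-b.xml": _topology([("authorization", "XASecurePDPKnox", "false")]),
    "sample-token-c.xml": _topology([("identity-assertion", "Default", "true")]),
    "sample-token-d.xml": _topology([("authorization", "AclsAuthz", "true")]),
}

if __name__ == "__main__":
    for name, finding in sorted(audit(SAMPLES).items()):
        print(f"{name}: {finding}")
```

To check real topologies, read each file's text and pass a `{name: contents}` mapping to `audit`; an empty result means every topology carries the enabled provider.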