Creating the Ranger Plugin for HDF Services
Also available as:

Confirm Ranger Configuration

This article describes how to confirm Ranger configuration.

  1. In Ranger Admin UI, go to Access Manager > Resource Based Policies.
  2. Check that an entry for NiFi Registry exists in the NiFi Registry Service Manager.
    The entry name is dynamically created based on the Ambari cluster name.
  3. Click the edit button next to the service repository entry and confirm that the properties from the ranger-nifi-registry-plugin-properties are accurately populated.
  4. Check whether the NiFi Registry URL is populated.
  5. Confirm that the commonNameForCertificate value is the CN value from the Owner for Certificate property from ranger-nifi-registry-plugin-properties.
  6. Go to Audit > Plugins, and check the syncing between NiFi Registry and Ranger policies.
  7. If you are not using user sync in Ranger, you can manually create new users in Ranger which correspond to the authentication method used to secure NiFi Registry. For example when using Kerberos authentication in NiFi Registry, ensure that the users created match with the Kerberos principal.
    1. In the Ranger Admin UI, go to Settings and select User/Groups.
    2. Click the Add New User button.
    3. Configure the following properties in the User Detail section:
      • User Name. Enter user name. User name is the identity for the appropriate NiFi Registry authentication method. For example, enter Client DN, LDAP DN, or Kerberos principal.
      • New Password. Enter password. This is required by Ranger.
      • Password Confirm. Confirm password.
      • First Name. Enter first name. This is required by Ranger.
      • Last Name. Optional. Enter last name.
      • Email Address. Optional. Enter email address.
      • Select Role. Select User. Groups are not used by the plugin.
    4. Click Save to save the new user and repeat for any other users who need access to NiFi Registry.
  8. In the Ranger Admin UI, go to Access Manager > Resource Based Policies, and click the edit button next to the NiFi Registry service repository entry link.
  9. Click the Test Connection button.
    The Connected Successfully message appears.