Automatically Assign ADMIN/KEYADMIN Role for External Users
About this task
You can use usersync to mark specific external users, or users in a specific external group, with ADMIN or KEYADMIN role within Ranger. This is useful in cases where internal users are not allowed to login to Ranger.
Steps
From Ambari>Ranger>Configs>Advanced>Custom ranger-ugsync-site, select Add Property.
Add the following properties:
ranger.usersync.role.assignment.list.delimiter =
&The default value is
&.ranger.usersync.users.groups.assignment.list.delimiter =
:The default value is
:.ranger.usersync.username.groupname.assignment.list.delimiter =
,The default value is
,.ranger.usersync.group.based.role.assignment.rules = ROLE_SYS_ADMIN:u:
userName1,userName2&ROLE_SYS_ADMIN:g:groupName1,groupName2&ROLE_KEY_ADMIN:u:userName&ROLE_KEY_ADMIN:g:groupName&ROLE_USER:u:userName3,userName4&ROLE_USER:g:groupName
Click Add.
Restart Ranger.
Example
ranger.usersync.role.assignment.list.delimiter = & ranger.usersync.users.groups.assignment.list.delimiter = : ranger.usersync.username.groupname.assignment.list.delimiter = , ranger.usersync.group.based.role.assignment.rules : &ROLE_SYS_ADMIN:u:ldapuser_12,ldapuser2