Hortonworks Docs » Hortonworks Data Platform 3.1.4 » Providing Authorization with Apache Ranger
Providing Authorization with Apache Ranger
Configuring Advanced Authorization Settings
How to customize the Ranger Advanced Settings when configuring authentication.
Developing a Custom Authorization Module
In the Hadoop ecosystem, each component (e.g., Hive, HBase) has its own authorization implementation and the ability to plug in a custom authorization module. To implement the centralized authorization and audit feature for a component, the component should support a customizable (or pluggable) authorization module.
Special Requirements for High Availability Environments
In a High Availability (HA) environment, the primary and secondary NameNodes must be configured as described in the HDP System Administration Guide.
Configure Advanced Usersync Settings
To access Usersync settings, select the Advanced tab on the Customize Service page. Usersync pulls in users from UNIX, LDAP, or AD and populates Ranger's local user tables with these users.
Configure User Sync LDAP SSL
How to configure LDAP SSL using self-signed certs in the default Ranger User Sync TrustStore.
Set Up Database Users Without Sharing DBA Credentials
If you do not wish to provide system Database Administrator (DBA) account details to the Ambari Ranger installer, you can use the dba_script.py Python script to create Ranger DB database users without exposing DBA account information to the Ambari Ranger installer. You can then run the normal Ambari Ranger installation without specifying a DBA user name and password.
Updating Ranger Admin Passwords
For certain users, if you update the passwords on the Ranger Configs page, you must also update the passwords on the Configs page of each Ambari component that has the Ranger plugin enabled.
Ranger Password Requirements
This topic lists password requirements for Ranger and Ranger KMS.
© 2012–2019, Hortonworks, Inc. Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.