Authorization settings
Two authorization methods are available for Atlas: Simple and Ranger.
Simple Authorization
The default setting is Simple, and the following properties are automatically set under Advanced application-properties on the Advanced tab.
| Property | Value |
|---|---|
| atlas.authorizer.impl | simple |
| atlas.auth.policy.file | {{conf_dir}}/policy-store.txt |
The policy-store.txt file has the following format:
Policy_Name;;User_Name:Operations_Allowed;;Group_Name:Operations_Allowed;;Resource_Type:Resource_NameFor example:
adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*
userReadPolicy;;readUser1:r,readUser2:r;;DATA_SCIENTIST:r;;type:*,entity:*,operation:*,taxonomy:*,term:*
userWritePolicy;;writeUser1:rwu,writeUser2:rwu;;BUSINESS_GROUP:rwu,DATA_STEWARD:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*In this example readUser1, readUser2,
writeUser1 and writeUser2
are the user IDs, each with its corresponding access rights. The User_Name,
Group_Name and Operations_Allowed are comma-separated lists.
Authorizer Resource Types:
-
Operation
-
Type
-
Entity
-
Taxonomy
-
Term
-
Unknown
Operations_Allowed are r = read,
w =
write, u
= update, d = deleteRanger Authorization
Ranger Authorization is activated by enabling the Ranger Atlas plug-in in Ambari.