Authorization settings
Two authorization methods are available for Atlas: Simple and Ranger.
Simple Authorization
The default setting is Simple, and the following properties are automatically set under Advanced application-properties on the Advanced tab.
Property | Value |
---|---|
atlas.authorizer.impl | simple |
atlas.auth.policy.file | {{conf_dir}}/policy-store.txt |
The policy-store.txt
file has the following format:
Policy_Name;;User_Name:Operations_Allowed;;Group_Name:Operations_Allowed;;Resource_Type:Resource_Name
For example:
adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*
userReadPolicy;;readUser1:r,readUser2:r;;DATA_SCIENTIST:r;;type:*,entity:*,operation:*,taxonomy:*,term:*
userWritePolicy;;writeUser1:rwu,writeUser2:rwu;;BUSINESS_GROUP:rwu,DATA_STEWARD:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*
In this example readUser1
, readUser2
,
writeUser1
and writeUser2
are the user IDs, each with its corresponding access rights. The User_Name
,
Group_Name
and Operations_Allowed
are comma-separated lists.
Authorizer Resource Types:
-
Operation
-
Type
-
Entity
-
Taxonomy
-
Term
-
Unknown
Operations_Allowed
are r
= read,
w
=
write, u
= update, d
= deleteRanger Authorization
Ranger Authorization is activated by enabling the Ranger Atlas plug-in in Ambari.