Configure Usersync assignment of Admin users

How to automatically assign Admin and Key Admin roles for external users

Usersync pulls in users/groups from your external user repository, such as LDAP/AD, and populates the Ranger database with these users/groups. Use this procedure to automatically assign roles to specific users/groups. The example properites shown in this topic automatically assign the ADMIN/KEYADMIN role .

In Search, type role.assignmnet.

In Ranger Usersync Default Group: verify that the following default delimiter values appear for each property:


Property Name	Delimiter Value
ranger.usersync.role.assignment.list.delimiter	&
ranger.usersync.users.groups.assignment.list.delimiter	:
ranger.usersync.username.groupname.assignment.list.delimiter	,
ranger.usersync.group.based.role.assignment.rules

In Ranger UserSync Group Based Role Assignment Rules, type the following value as one string:
ROLE_SYS_ADMIN:u:User1,User2&ROLE_SYS_ADMIN:g:Group1,Group2&

ROLE_KEY_ADMIN:u:kmsUser&ROLE_KEY_ADMIN:g:kmsGroup&

ROLE_USER:u:User3,User4&ROLE_USER:g:Group3,Group4&

ROLE_ADMIN_AUDITOR:u:auditorUsers,auditors& ROLE_ADMIN_AUDITOR:g:adminAuditorGroup,rangerAuditors&

ROLE_KEY_ADMIN_AUDITOR:u:kmsAuditors&ROLE_KEY_ADMIN_AUDITOR:g:kmsAuditorGroup
where "u" indicates user and "g" indicates group
Click Save Changes (CTRL+S).
If Usersync requires no other changes, choose Actions > Restart Usersync.