Configure Usersync assignment of Admin users

How to automatically assign Admin and Key Admin roles for external users

Usersync pulls in users/groups from your external user repository, such as LDAP/AD, and populates the Ranger database with these users/groups. Use this procedure to automatically assign roles to specific users/groups. The example properties shown in this topic automatically assign the ADMIN/KEYADMIN role.

  1. In Search, type role.assignment.
  2. In Ranger Usersync Default Group, verify that the following default delimiter values appear for each property:

    Property Name                                                   Delimiter Value
    ranger.usersync.role.assignment.list.delimiter                  &
    ranger.usersync.users.groups.assignment.list.delimiter          :
    ranger.usersync.username.groupname.assignment.list.delimiter    ,
    ranger.usersync.group.based.role.assignment.rules

  3. In Ranger UserSync Group Based Role Assignment Rules, type the following value as one string:
    ROLE_SYS_ADMIN:u:User1,User2&ROLE_SYS_ADMIN:g:Group1,Group2&
    ROLE_KEY_ADMIN:u:kmsUser&ROLE_KEY_ADMIN:g:kmsGroup&
    ROLE_USER:u:User3,User4&ROLE_USER:g:Group3,Group4&
    ROLE_ADMIN_AUDITOR:u:auditorUsers,auditors&ROLE_ADMIN_AUDITOR:g:adminAuditorGroup,rangerAuditors&
    ROLE_KEY_ADMIN_AUDITOR:u:kmsAuditors&ROLE_KEY_ADMIN_AUDITOR:g:kmsAuditorGroup

    where "u" indicates user and "g" indicates group

  4. Click Save Changes (CTRL+S).
  5. If Usersync requires no other changes, choose Actions > Restart Usersync.
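
Because this value grants admin-level roles, it is worth checking before you save it. The following is an added example, not Cloudera or Ranger code: a small Python lint that splits a rule string with the delimiters from step 2, reports malformed rules, and lists who would receive ROLE_SYS_ADMIN or ROLE_KEY_ADMIN. The function names, the set of accepted roles (taken from the step 3 value) and the choice of which roles count as privileged are assumptions of the example.

```python
# Delimiters from the table in step 2.
ROLE_DELIM, FIELD_DELIM, NAME_DELIM = "&", ":", ","
# Roles used in the step 3 value; treating them as the full set is an assumption.
KNOWN_ROLES = {"ROLE_SYS_ADMIN", "ROLE_KEY_ADMIN", "ROLE_USER",
               "ROLE_ADMIN_AUDITOR", "ROLE_KEY_ADMIN_AUDITOR"}
# Assumption: the two roles this topic is about are the ones to review by hand.
PRIVILEGED = {"ROLE_SYS_ADMIN", "ROLE_KEY_ADMIN"}

# The step 3 value, joined into one string with no spaces or line breaks.
STEP3_VALUE = (
    "ROLE_SYS_ADMIN:u:User1,User2&ROLE_SYS_ADMIN:g:Group1,Group2&"
    "ROLE_KEY_ADMIN:u:kmsUser&ROLE_KEY_ADMIN:g:kmsGroup&"
    "ROLE_USER:u:User3,User4&ROLE_USER:g:Group3,Group4&"
    "ROLE_ADMIN_AUDITOR:u:auditorUsers,auditors&"
    "ROLE_ADMIN_AUDITOR:g:adminAuditorGroup,rangerAuditors&"
    "ROLE_KEY_ADMIN_AUDITOR:u:kmsAuditors&ROLE_KEY_ADMIN_AUDITOR:g:kmsAuditorGroup"
)


def parse_rules(value):
    """Split a rule string into (role, kind, name) tuples plus a list of problems."""
    assignments, problems = [], []
    for i, raw in enumerate(value.split(ROLE_DELIM), 1):
        rule = raw.strip()
        if rule != raw:  # stray space or line break: not "one string"
            problems.append(f"rule {i}: whitespace around {rule!r}")
        parts = rule.split(FIELD_DELIM)
        if len(parts) != 3:
            problems.append(f"rule {i}: expected ROLE:u|g:names, got {rule!r}")
            continue
        role, kind, names = parts
        if role not in KNOWN_ROLES:
            problems.append(f"rule {i}: unknown role {role!r}")
        if kind not in ("u", "g"):
            problems.append(f"rule {i}: type must be 'u' or 'g', got {kind!r}")
        for name in names.split(NAME_DELIM):
            if name.strip():
                assignments.append((role, kind, name.strip()))
            else:
                problems.append(f"rule {i}: empty name in list")
    return assignments, problems


def privileged(assignments):
    """Users and groups that would receive an admin-level role, sorted for review."""
    return sorted(a for a in assignments if a[0] in PRIVILEGED)


if __name__ == "__main__":
    parsed, issues = parse_rules(STEP3_VALUE)
    for line in issues or ["no problems found"]:
        print(line)
    for role, kind, name in privileged(parsed):
        print(f"{role} -> {'user' if kind == 'u' else 'group'} {name}")
```

Run it against the string you intend to paste in step 3 and compare the privileged list with the accounts you expect to hold those roles.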