Configure Usersync assignment of Admin users

How to automatically assign Admin and Key Admin roles for external users

Usersync pulls in users/groups from your external user repository, such as LDAP/AD, and populates the Ranger database with these users/groups. Use this procedure to automatically assign roles to specific users/groups. The example properites shown in this topic automatically assign the ADMIN/KEYADMIN role .

  1. In Cloudera Manager, select Ranger > Configuration.
  2. In Search, type role.assignmnet.
  3. In Ranger Usersync Default Group: verify that the following default delimiter values appear for each property:
    Property Name Delimiter Value
    ranger.usersync.role.assignment.list.delimiter &
    ranger.usersync.users.groups.assignment.list.delimiter :
    ranger.usersync.username.groupname.assignment.list.delimiter ,
  4. In Ranger UserSync Group Based Role Assignment Rules, type the following value as one string:
    ROLE_ADMIN_AUDITOR:u:auditorUsers,auditors& ROLE_ADMIN_AUDITOR:g:adminAuditorGroup,rangerAuditors&

    where "u" indicates user and "g" indicates group

  5. Click Save Changes (CTRL+S).
  6. If Usersync requires no other changes, choose Actions > Restart Usersync.